7.5

CVE-2019-10184

Undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the API.

Data is provided by the National Vulnerability Database (NVD)
Redhat Undertow, Version < 2.0.23
Redhat Jboss Data Grid, Version -, SwEdition text-only
Redhat Jboss Enterprise Application Platform, Version -, SwEdition text-only
Redhat Openshift Application Runtimes, Version -, SwEdition text-only
Redhat Single Sign-on, Version -, SwEdition text-only
Redhat Single Sign-on, Version 7.0
Redhat Single Sign-on, Version 7.3
   Redhat Enterprise Linux, Version 8.0
Redhat Single Sign-on, Version 7.3
   Redhat Enterprise Linux, Version 7.0
Redhat Single Sign-on, Version 7.3
   Redhat Enterprise Linux, Version 6.0
Netapp Active Iq Unified Manager, Version -, SwPlatform linux
Netapp Active Iq Unified Manager, Version -, SwPlatform vmware_vsphere
Netapp Active Iq Unified Manager, Version -, SwPlatform windows
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.68% | 0.706
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com | 5.3 | 3.9 | 1.4 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.