9.8
CVE-2019-10212
- EPSS 0.29%
- Published 02.10.2019 19:15:11
- Last modified 21.11.2024 04:18:39
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Jboss Data Grid Version >= 7.0.0 <= 7.3
Redhat ≫ Jboss Data Grid Version- SwEditiontext-only
Redhat ≫ Jboss Enterprise Application Platform Version- SwEditiontext-only
Redhat ≫ Jboss Fuse Version >= 7.0.0 <= 7.4
Redhat ≫ Openshift Application Runtimes Version- SwEditiontext-only
Redhat ≫ Single Sign-on Version >= 7.0 <= 7.3
Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows
Redhat ≫ Jboss Enterprise Application Platform Version7.2
Redhat ≫ Jboss Enterprise Application Platform Version7.3
Redhat ≫ Jboss Enterprise Application Platform Version7.4
Redhat ≫ Jboss Enterprise Application Platform Version7.2
Redhat ≫ Jboss Enterprise Application Platform Version7.3
Redhat ≫ Jboss Enterprise Application Platform Version7.4
Redhat ≫ Jboss Enterprise Application Platform Version7.2
Redhat ≫ Jboss Enterprise Application Platform Version7.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.52 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| secalert@redhat.com | 4.8 | 0.5 | 4.2 |
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.