7.5

CVE-2020-1748

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatWildfly Elytron Version < 1.6.8.final-redhat-00001
RedhatDecision Manager Version7.0
RedhatProcess Automation Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.44% 0.697
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://bugzilla.redhat.com/show_bug.cgi?id=1807707
Vendor Advisory
Issue Tracking
https://security.netapp.com/advisory/ntap-20201001-0005/
Third Party Advisory