7.5

CVE-2023-4503

Eap-galleon: custom provisioning creates unsecured http-invoker

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.72% 0.49
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
secalert@redhat.com 6.8 1.6 5.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

https://access.redhat.com/errata/RHSA-2023:7637
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7638
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7639
Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7641
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2023-4503
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2184751
Issue Tracking