How severe is CVE-2019-14843?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2019-14843?

This is classified as CWE-592, which is a common weakness in software security.

CVE-2019-14843 - HIGH Severity | CVSS 7.5

Vulnerability Description

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.

Related Vulnerabilities

CVE-2017-7537

HIGH

CVSS:7.5(High)

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to byp...

CWE-5922017

CVE-2016-8371

HIGH

CVSS:7.3(High)

The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.

CWE-5922016

CVE-2019-3899

HIGH

CVSS:7.3(High)

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift C...

CWE-5922019

CVE-2017-7536

HIGH

CVSS:7.0(High)

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are...

CWE-5922017

CVE-2019-10201

HIGH

CVSS:8.1(High)

It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and removes the <Signature> sections, the message i...

CWE-5922019

CVE-2017-2650

HIGH

CVSS:8.5(High)

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permissi...

CWE-5922017