How severe is CVE-2019-3834?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.6 out of 10.

What type of vulnerability is CVE-2019-3834?

This is classified as CWE-470, which is a common weakness in software security.

CVE-2019-3834 - MEDIUM Severity | CVSS 5.6

Vulnerability Description

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.

Related Vulnerabilities

CVE-2004-2331

MEDIUM

CVSS:5.5(Medium)

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using...

CWE-4702004

CVE-2023-35680

MEDIUM

CVSS:5.5(Medium)

In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privil...

CWE-4702023

CVE-2019-20635

MEDIUM

CVSS:6.1(Medium)

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.

CWE-4702019

CVE-2024-22258

MEDIUM

CVSS:6.1(Medium)

Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an ap...

CWE-4702024

CVE-2023-37207

MEDIUM

CVSS:6.5(Medium)

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing...

CWE-4702023

CVE-2024-1574

MEDIUM

CVSS:6.7(Medium)

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 ...

CWE-4702024