CVE-2019-3894

MEDIUM Year: 2019
CVSS v3 Score
5.4
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-358
View all →

Vulnerability Description

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.

Related Vulnerabilities

CVE-2017-2612

MEDIUM
CVSS:5.4(Medium)

In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK.

CWE-3582017

CVE-2019-3806

MEDIUM
CVSS:5.4(Medium)

An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly ...

CWE-3582019

CVE-2020-1728

MEDIUM
CVSS:5.4(Medium)

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does no...

CWE-3582020

CVE-2024-41907

LOW
CVSS:5.4(Medium)

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This coul...

CWE-3582024

CVE-2020-7251

MEDIUM
CVSS:5.5(Medium)

Improper access control vulnerability in Configuration Tool in McAfee Mcafee Endpoint Security (ENS) Prior to 10.6.1 February 2020 Update allows local users to disable security features via unauthoris...

CWE-3582020

CVE-2014-4843

MEDIUM
CVSS:5.3(Medium)

Curam Universal Access in IBM Curam Social Program Management (SPM) 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.5 iFix5 allows remote attackers to obtain sensitive information ab...

CWE-3582014