๐Ÿ” CVE Alert

CVE-2023-4061

MEDIUM 6.5

Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.

CWE CWE-200
Vendor red hat
Product red hat jboss enterprise application platform 7
Published Nov 8, 2023
Last Updated Nov 7, 2025
Stay Ahead of the Next One

Get instant alerts for red hat red hat jboss enterprise application platform 7

Be the first to know when new medium vulnerabilities affecting red hat red hat jboss enterprise application platform 7 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Affected Versions

Red Hat / Red Hat JBoss Enterprise Application Platform 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:5484 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:5485 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:5486 access.redhat.com: https://access.redhat.com/errata/RHSA-2023:5488 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-4061 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2228608