๐Ÿ” CVE Alert

CVE-2023-4503

MEDIUM 6.8

Eap-galleon: custom provisioning creates unsecured http-invoker

CVSS Score 6.8
EPSS Score 0.0%
EPSS Percentile 0th

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

CWE CWE-665
Vendor Red Hat
Product EAP 7.4.14
Published Feb 6, 2024
Last Updated Aug 2, 2024

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None

Affected Versions

Red Hat / EAP 7.4.14
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected

References

access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7637
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7638
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7639
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7641
access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-4503
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2184751