Description
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
Remediation
References
https://access.redhat.com/errata/RHSA-2019:3082
https://access.redhat.com/errata/RHSA-2019:3083
https://access.redhat.com/errata/RHSA-2019:4018
https://access.redhat.com/errata/RHSA-2019:4019
https://access.redhat.com/errata/RHSA-2019:4020
https://access.redhat.com/errata/RHSA-2019:4021
https://access.redhat.com/errata/RHSA-2019:4040
https://access.redhat.com/errata/RHSA-2019:4041
https://access.redhat.com/errata/RHSA-2019:4042
https://access.redhat.com/errata/RHSA-2019:4045
https://access.redhat.com/errata/RHSA-2020:0728
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14838
Related Vulnerabilities
CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-broker
CVE-2020-13951 Vulnerability in maven package org.apache.openmeetings:openmeetings-server
CVE-2022-43441 Vulnerability in npm package sqlite3
CVE-2017-1000118 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.11
CVE-2020-2253 Vulnerability in maven package org.jenkins-ci.plugins:email-ext