Description

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1929479

Related Vulnerabilities

CVE-2023-26031 Vulnerability in maven package org.apache.hadoop:hadoop-yarn-project

CVE-2014-0112 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2022-41933 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-default

CVE-2020-1951 Vulnerability in maven package org.apache.tika:tika-parsers

CVE-2021-44868 Vulnerability in maven package net.mingsoft:ms-mcms

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Issue Tracking Vendor Advisory