Description

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1929479

Related Vulnerabilities

CVE-2023-44794 Vulnerability in maven package cn.dev33:sa-token-core

CVE-2023-3223 Vulnerability in maven package io.undertow:undertow-servlet

CVE-2020-25802 Vulnerability in maven package org.craftercms:crafter-studio

CVE-2023-26474 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2019-14862 Vulnerability in maven package org.webjars.npm:knockout

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Issue Tracking Vendor Advisory