Description

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.

Remediation

References

CVE-2019-14885

Related Vulnerabilities

Jboss EAP Improper Input Validation Vulnerability (CVE-2010-1871)

WordPress Plugin AP Companion includes Backdoor [Only if downloaded via the vendor website] (1.0.6)

MediaWiki Improper Access Control Vulnerability (CVE-2012-4379)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'Gallery Path' Field Cross-Site Scripting (1.9.5)

WordPress Plugin WordPress Social Share, Social Login and Social Comments-Super Socializer Security Bypass (7.10.6)

Severity

Medium

Classification

CVE-2019-14885 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities