Description

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.

Remediation

References

CVE-2019-14885

Related Vulnerabilities

Jenkins Missing Authorization Vulnerability (CVE-2021-21687)

WordPress Plugin Form Builder-Create Responsive Contact Forms Cross-Site Scripting (1.9.8.4)

WordPress Plugin Advanced Import: One Click Import for WordPress or Theme Demo Data Security Bypass (1.0.7)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.27)

WordPress Plugin All In One Favicon Cross-Site Scripting (4.6)

Severity

Medium

Classification

CVE-2019-14885 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities