CVE-2019-14885

Advisory lineage Upstream: 0 Downstream: 7

Downstream

RHSA-2020:0159 RHSA-2020:0160 RHSA-2020:0161 RHSA-2020:2169 RHSA-2020:2779 RHSA-2020:2780

Modified

Published: 23 Jan 2020, 00:00

Last modified:05 Aug 2024, 00:26

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.4 MEDIUM

v3.0 (cve.org)

EPSS Score

0.32% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Jan 2020, 00:00

Published

Vulnerability first disclosed

05 Aug 2024, 00:26

Last Modified

Vulnerability information updated

Description

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.

CVSS Metrics

v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
v3.0•MEDIUM•Score: 5.4CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.32%• Percentile: 56%

Techniques & Countermeasures

CWE-532•Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.

Affected Systems

red hat•jboss eap
All versions before 7.2.6.GA
redhat•jboss_enterprise_application_platform
< 7.2.6 | 7.2.6
redhat•single_sign-on
7.0

References (1)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14885