Vulnerability Details : CVE-2020-1748
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in improper authorization. This flaw leads to information exposure through unauthenticated access to secure resources.
Products affected by CVE-2020-1748
- cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:wildfly_elytron:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-1748
- EPSS score: 0.20% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~57% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2020-1748
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
| 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
References for CVE-2020-1748
- https://bugzilla.redhat.com/show_bug.cgi?id=1807707 – Bug 1807707: (CVE-2020-1748) Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (Issue Tracking; Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20201001-0005/ – CVE-2020-1748 WildFly Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)