CVE-2018-10683

{"id": "CVE-2018-10683", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-05-09T08:29:00.283", "references": [{"url": "https://github.com/kmkz/exploit/blob/master/CVE-2018-10682-CVE-2018-10683.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admin Guide indicates that \"without a security realm reference\" implies \"effectively unsecured.\" The vendor explicitly supports these unsecured configurations because they have valid use cases during development"}, {"lang": "es", "value": "** EN DISPUTA ** Se ha descubierto un problema en WildFly 10.1.2.Final. En el caso de una instalaci\u00f3n por defecto sin una referencia de realm de seguridad, un atacante puede acceder con \u00e9xito al servidor sin autenticaci\u00f3n. NOTA: la documentaci\u00f3n de Security Realms en la gu\u00eda de administraci\u00f3n del producto indica que \"sin una referencia de realm de seguridad\" implica \"no asegurado de forma efectiva\". El fabricante soporta de manera expl\u00edcita estas configuraciones inseguras debido a que tienen casos de uso v\u00e1lidos durante el desarrollo."}], "lastModified": "2024-04-11T00:59:59.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:wildfly:10.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0685CB9-DC7C-4969-99E5-1ED80AA66164"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}