A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1807707 | Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20201001-0005/ | Third Party Advisory |
Configurations
History
28 Apr 2022, 18:33
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20201001-0005/ - Third Party Advisory |
Information
Published : 2020-09-16 16:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-1748
Mitre link : CVE-2020-1748
CVE.ORG link : CVE-2020-1748
JSON object : View
Products Affected
redhat
- decision_manager
- process_automation
- wildfly_elytron
CWE