A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNetapp Active Iq Unified Manager
APPNetappwszystkie wersjeRed Hat Enterprise Linux
OSRedhat6.07.08.0Red Hat Jboss Data Grid
APPRedhat7.0.0 – 7.3Red Hat Jboss Enterprise Application Platform
APPRedhat7.27.37.4Red Hat Jboss Fuse
APPRedhat7.0.0 – 7.4Red Hat Openshift Application Runtimes
APPRedhatwszystkie wersjeRed Hat Single Sign On
APPRedhat7.0 – 7.3Red Hat Undertow
APPRedhat< 2.0.20
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Referencje
Powiązane podatności
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...
CVE-2017-12149CRITICAL9.8⚠ KEVten sam produkt
In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...