CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2019-10212

CVSS 9.8v3.1pub. 2019-10-02upd. 2024-11-21

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Red Hat Enterprise Linux

    OS
    Redhat
    6.07.08.0
  • Red Hat Jboss Data Grid

    APP
    Redhat
    7.0.0 – 7.3
  • Red Hat Jboss Enterprise Application Platform

    APP
    Redhat
    7.27.37.4
  • Red Hat Jboss Fuse

    APP
    Redhat
    7.0.0 – 7.4
  • Red Hat Openshift Application Runtimes

    APP
    Redhat
    wszystkie wersje
  • Red Hat Single Sign On

    APP
    Redhat
    7.0 – 7.3
  • Red Hat Undertow

    APP
    Redhat
    < 2.0.20
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2017-12149CRITICAL9.8⚠ KEVten sam produkt

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...