CVE-2020-10714

CVSS v3.1 7.5 (High)
CVSS v2.0 5.1 (Medium)
EPSS 0.18 % (56th)
Affected Products 6
Advisories 1

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Weaknesses: CWE-384 (Session Fixation)
CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2020-09-23 13:15:15
Updated Date: 2022-11-08 13:58:38

Affected Products


Configuration #1

  Product                                      CPE23                             From  Up To
  Redhat Wildfly Elytron prior 1.11.3 version  cpe:2.3:a:redhat:wildfly_elytron        < 1.11.3

Configuration #2

  Product                        CPE23                                    From  Up To
  Redhat Codeready Studio 12.0   cpe:2.3:a:redhat:codeready_studio:12.0
  Redhat Decision Manager 7.0    cpe:2.3:a:redhat:descision_manager:7.0
  Redhat Jboss Fuse 7.0.0        cpe:2.3:a:redhat:jboss_fuse:7.0.0
  Redhat Process Automation 7.0  cpe:2.3:a:redhat:process_automation:7.0

Configuration #3

  Product                   CPE23                                From  Up To
  Netapp Oncommand Insight  cpe:2.3:a:netapp:oncommand_insight:-