CVE-2020-14299

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1848533 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-16 14:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-14299

Mitre link : CVE-2020-14299

CVE.ORG link : CVE-2020-14299


JSON object : View

Products Affected

redhat

  • single_sign-on
  • jboss_enterprise_application_platform
  • openshift_application_runtimes
CWE
CWE-287

Improper Authentication