CVE-2023-4503 MEDIUM

CVE-2023-4503: Eap-galleon: custom provisioning creates unsecured http-invoker

Vendor Red Hat
Product EAP 7.4.14
Weakness CWE-665
Published February 6, 2024
Last update August 2, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

Description

An improper initialization vulnerability was found in Galleon. When Galleon is used to provision custom EAP or EAP-XP servers, the resulting servers are created unsecured, with the http-invoker left without security configuration. This issue could allow an attacker to access remote HTTP services exposed by the server.

Key dates

Disclosure timeline

February 6, 2024 CVE published
August 2, 2024 Record updated