CVE-2018-10683
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2018-10683 from the MITRE CVE dictionary and NIST NVD.
Statement
Red Hat Product Security does not consider this issue to be a vulnerability. Default installations are secured by default and have an authentication mechanism in place. It is possible to explicitly remove the realm from the configuration files when needed; for example, when there is a need to run in single-user mode for development, the ability to switch off security is desirable so that the admin console can be accessed without the need for user accounts. There is an adequate mechanism in place to secure the WildFly environment.
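A defender-side check for the configuration state the statement describes, added here as an example and not code from Red Hat or the WildFly project: it parses a constructed standalone.xml and reports management interfaces that carry no authentication attribute. The attribute names security-realm, http-authentication-factory and sasl-authentication-factory are assumed from the WildFly schema.

```python
"""Audit a WildFly standalone.xml for management interfaces with no authentication.
Added example, not Red Hat's or WildFly's code. Assumed attribute names (from the
WildFly schema): legacy security-realm, Elytron http-authentication-factory and
sasl-authentication-factory."""
import sys
import xml.etree.ElementTree as ET

AUTH_ATTRS = ("security-realm", "http-authentication-factory",
              "sasl-authentication-factory")

# Constructed sample: the realm is still defined, but the http-interface no
# longer references it, i.e. the "realm removed" state the statement describes.
UNSECURED_XML = """<server xmlns="urn:jboss:domain:4.0">
  <management>
    <security-realms>
      <security-realm name="ManagementRealm"/>
    </security-realms>
    <management-interfaces>
      <http-interface>
        <socket-binding http="management-http"/>
      </http-interface>
    </management-interfaces>
  </management>
</server>"""
# Constructed sample of the default, secured shape.
SECURED_XML = UNSECURED_XML.replace(
    "<http-interface>", '<http-interface security-realm="ManagementRealm">')

def _local(tag):
    """Drop the XML namespace so the check works across urn:jboss:domain versions."""
    return tag.rsplit("}", 1)[-1]

def unauthenticated_management_interfaces(xml_text):
    """Return tag names of <management-interfaces> children carrying no AUTH_ATTRS."""
    root = ET.fromstring(xml_text)
    findings = []
    for container in root.iter():
        if _local(container.tag) != "management-interfaces":
            continue
        for iface in container:
            if not any(attr in iface.attrib for attr in AUTH_ATTRS):
                findings.append(_local(iface.tag))
    return findings

if __name__ == "__main__":
    # Usage: python check_mgmt_auth.py standalone.xml (defaults to the sample above)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else UNSECURED_XML
    for tag in unauthenticated_management_interfaces(text):
        print(f"management {tag} has no authentication attribute configured")
```

Run it against the server's actual standalone.xml or domain host.xml; an empty result means every management interface still references a realm or Elytron authentication factory.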
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| Metric | Value |
|---|---|
| CVSS3 Base Score | 8.1 |
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | High |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | eap7-wildfly | Not affected |
| Red Hat Single Sign-On 7 | wildfly | Not affected |
| Red Hat JBoss EAP 7 | wildfly | Not affected |
| Red Hat JBoss Data Grid 7 | wildfly | Not affected |
Acknowledgements
Red Hat would like to thank Jean-marie Bourbon (Excellium-Services) and Anthony Maia (Excellium-Services) for reporting this issue.

CVE description copyright © 2017, The MITRE Corporation
