Unrated severity · NVD Advisory · Published Feb 6, 2024 · Updated Aug 2, 2024
Eap-galleon: custom provisioning creates unsecured http-invoker
CVE-2023-4503
Description
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
Affected products (6)
- cpe:/a:redhat:jbosseapxp
- Red Hat/EAP 7.4.14 v5, cpe:/a:redhat:jboss_enterprise_application_platform:7.4
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7, range: 0:7.4.14-5.GA_redhat_00002.1.el7eap
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8, range: 0:7.4.14-5.GA_redhat_00002.1.el8eap
- cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9, range: 0:7.4.14-5.GA_redhat_00002.1.el9eap
References (6)
- access.redhat.com/errata/RHSA-2023:7637 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7638 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7639 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7641 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2023-4503 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)