Unrated severity · NVD Advisory · Published Feb 6, 2024 · Updated Aug 2, 2024

Eap-galleon: custom provisioning creates unsecured http-invoker

CVE-2023-4503

Description

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

Affected products

6
  • Red Hat/EAP 7.4.14v5
    cpe:/a:redhat:jboss_enterprise_application_platform:7.4
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7, range: 0:7.4.14-5.GA_redhat_00002.1.el7eap
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8, range: 0:7.4.14-5.GA_redhat_00002.1.el8eap
  • cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9, range: 0:7.4.14-5.GA_redhat_00002.1.el9eap
  • Red Hat/Galleon (llm-create)
