vulnerability
Red Hat JBoss EAP: CVE-2018-14627: Cleartext Transmission of Sensitive Information
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:S/C:C/I:N/A:N) | Jul 19, 2017 | Sep 19, 2024 | Jul 2, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:S/C:C/I:N/A:N)
Published
Jul 19, 2017
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-319
- CVE-2018-14627
- https://attackerkb.com/topics/CVE-2018-14627
- URL-https://access.redhat.com/security/cve/CVE-2018-14627
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1624664
- URL-https://access.redhat.com/errata/RHSA-2018:3527
- URL-https://access.redhat.com/errata/RHSA-2018:3528
- URL-https://access.redhat.com/errata/RHSA-2018:3529
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.