vulnerability
Red Hat JBoss EAP: CVE-2018-14627: Cleartext Transmission of Sensitive Information
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:S/C:C/I:N/A:N) | Jul 19, 2017 | Sep 19, 2024 | Jul 2, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:S/C:C/I:N/A:N)
Published
Jul 19, 2017
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality="required" trust-in-target="supported"/>
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-319
- CVE-2018-14627
- https://attackerkb.com/topics/CVE-2018-14627
- https://access.redhat.com/security/cve/CVE-2018-14627
- https://bugzilla.redhat.com/show_bug.cgi?id=1624664
- https://access.redhat.com/errata/RHSA-2018:3527
- https://access.redhat.com/errata/RHSA-2018:3528
- https://access.redhat.com/errata/RHSA-2018:3529
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.