vulnerability
Red Hat JBoss EAP: CVE-2020-1729: Incorrect Authorization
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Feb 13, 2020 | Sep 19, 2024 | Jul 2, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Feb 13, 2020
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2. A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-863
- CVE-2020-1729
- https://attackerkb.com/topics/CVE-2020-1729
- URL-https://access.redhat.com/security/cve/CVE-2020-1729
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1802444
- URL-https://access.redhat.com/errata/RHSA-2020:2058
- URL-https://access.redhat.com/errata/RHSA-2020:2059
- URL-https://access.redhat.com/errata/RHSA-2020:2060
- URL-https://access.redhat.com/errata/RHSA-2020:2061
- URL-https://access.redhat.com/errata/RHSA-2020:2511
- URL-https://access.redhat.com/errata/RHSA-2020:2512
- URL-https://access.redhat.com/errata/RHSA-2020:2513
- URL-https://access.redhat.com/errata/RHSA-2020:2515
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.