CVE-2020-10714

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "cpes": [
                "cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:codeready_studio",
            "extracted_events": [
                {
                    "last_affected": "12.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpes": [
                "cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:descision_manager",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpes": [
                "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:jboss_fuse",
            "extracted_events": [
                {
                    "last_affected": "7.0.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "cpes": [
                "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "redhat:process_automation",
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ]
        }
    ]
}

References

CVE-2020-10714

Affected packages