CVE-2018-14627 Vulnerability in maven package org.wildfly:wildfly-feature-pack

Description

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections:

Remediation

References

https://issues.jboss.org/browse/WFLY-9107

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627

https://access.redhat.com/errata/RHSA-2018:3529

https://access.redhat.com/errata/RHSA-2018:3528

https://access.redhat.com/errata/RHSA-2018:3527

https://access.redhat.com/errata/RHSA-2018:3595

https://security.netapp.com/advisory/ntap-20181221-0002/

Related Vulnerabilities

CVE-2020-2278 Vulnerability in maven package org.jenkins-ci.plugins:storable-configs-plugin

CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-api

CVE-2020-13949 Vulnerability in maven package org.apache.thrift:libthrift

CVE-2022-42466 Vulnerability in maven package org.apache.isis.viewer:isis-viewer-wicket-ui

CVE-2015-8854 Vulnerability in npm package marked

Severity

Medium

Classification

CWE-319 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N