Description
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14838
https://access.redhat.com/errata/RHSA-2019:3083
https://access.redhat.com/errata/RHSA-2019:3082
https://access.redhat.com/errata/RHSA-2019:4018
https://access.redhat.com/errata/RHSA-2019:4021
https://access.redhat.com/errata/RHSA-2019:4020
https://access.redhat.com/errata/RHSA-2019:4019
https://access.redhat.com/errata/RHSA-2019:4041
https://access.redhat.com/errata/RHSA-2019:4040
https://access.redhat.com/errata/RHSA-2019:4042
https://access.redhat.com/errata/RHSA-2019:4045
https://access.redhat.com/errata/RHSA-2020:0728
Related Vulnerabilities
CVE-2021-1627 Vulnerability in maven package org.mule.runtime:mule
CVE-2021-26814 Vulnerability in npm package wazuh
CVE-2023-20866 Vulnerability in maven package org.springframework.session:spring-session-core
CVE-2022-35912 Vulnerability in maven package org.grails:grails-databinding
CVE-2023-45827 Vulnerability in npm package @clickbar/dot-diver