CVE-2016-7043 - Password in Configuration File vulnerability in Redhat Kie-Server

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, redhat, CWE-260, critical

Summary

It has been reported that KIE server and Business Central before version 7.21.0.Final contain the username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to other services.

Vulnerable Configurations

Part | Description | Count
Application | Redhat | 1

Common Weakness Enumeration (CWE)