Vulnerabilities > CVE-2019-14860 - Unspecified vulnerability in Redhat Fuse and Syndesis

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

redhat

NVD

Published: 2019-11-08

Updated: 2020-10-09

Summary

It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Fuse 6.0.0 Redhat Fuse 6.1.0 Redhat Fuse 6.2.0 Redhat Fuse 6.2.1 Redhat Fuse 6.3.0 Redhat Fuse 7.0.0 Redhat Fuse 7.0.1 Redhat Fuse 7.1.0 Redhat Fuse 7.2.0 Redhat Fuse 7.3.0 Redhat Fuse 7.3.1 Redhat Fuse 7.4.0 Redhat Fuse 7.4.1 Redhat Syndesis -	14

Redhat

advisories

rhsa

id	RHSA-2019:3892

References

https://access.redhat.com/errata/RHSA-2019:3892
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14860