Vulnerabilities > CVE-2023-4503 - Unspecified vulnerability in Redhat products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2024-02-06

Updated: 2024-11-21

Summary

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Jboss Enterprise Application Platform - Redhat Jboss Enterprise Application Platform 7.4 Redhat Jboss Enterprise Application Platform Expansion Pack -	3
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0	3

References

https://access.redhat.com/errata/RHSA-2023:7637
https://access.redhat.com/errata/RHSA-2023:7637
https://access.redhat.com/errata/RHSA-2023:7638
https://access.redhat.com/errata/RHSA-2023:7638
https://access.redhat.com/errata/RHSA-2023:7639
https://access.redhat.com/errata/RHSA-2023:7639
https://access.redhat.com/errata/RHSA-2023:7641
https://access.redhat.com/errata/RHSA-2023:7641
https://access.redhat.com/security/cve/CVE-2023-4503
https://access.redhat.com/security/cve/CVE-2023-4503
https://bugzilla.redhat.com/show_bug.cgi?id=2184751
https://bugzilla.redhat.com/show_bug.cgi?id=2184751