Red Hat JBoss EAP: CVE-2020-1732: Improper Access Control
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | Feb 14, 2020 | Sep 19, 2024 | Jul 9, 2025 |
Description
A flaw was found in Soteria before 1.0.1: when using EE Security with WildFly Elytron, multiple requests occurring concurrently can corrupt the security identity across concurrent threads, so a request may be handled using the identity from another request. A flaw was found in WildFly where multiple requests occurring concurrently could be handled using the identity of another request. This vulnerability occurs when using EE Security with WildFly Elytron. The largest threat from this vulnerability is to data confidentiality and integrity.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-284
- CWE-20
- CVE-2020-1732
- https://attackerkb.com/topics/CVE-2020-1732
- https://access.redhat.com/security/cve/CVE-2020-1732
- https://bugzilla.redhat.com/show_bug.cgi?id=1801726
- https://access.redhat.com/errata/RHSA-2020:2058
- https://access.redhat.com/errata/RHSA-2020:2059
- https://access.redhat.com/errata/RHSA-2020:2060
- https://access.redhat.com/errata/RHSA-2020:2061