CVE Vulnerability

CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212 Issue Tracking Mitigation
https://access.redhat.com/errata/RHSA-2019:2998 Vendor Advisory
https://access.redhat.com/errata/RHSA-2020:0727 Vendor Advisory
https://security.netapp.com/advisory/ntap-20220210-0017/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
Information

Published : 2019-10-02 07:15

Updated : 2022-02-20 06:20

NVD link : CVE-2019-10212

Mitre link : CVE-2019-10212

Products Affected

Enterprise Linux

Jboss Enterprise Application Platform

Redhat

CWE
CWE-532

Insertion of Sensitive Information into Log File