What is CVE-2023-4061?

CVE-2023-4061 is a medium-severity vulnerability in Red Hat Jboss Enterprise Application Platform 7, classified under Information Disclosure. CVSS score: 6.5/10. Published 2023-11-08.

How severe is CVE-2023-4061?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Information disclosure in Red Hat Jboss Enterprise Application Platform 7

CVE-2023-4061

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obta…

Vulnerability class: Information Disclosure

EPSS: 0.008 (52.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

Affected products

Red Hat Jboss Enterprise Application Platform 7
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8 — versions 0:7.4.13-8.GA_redhat_00001.1.el8eap, 0:1.15.20-1.Final_redhat_00001.1.el8eap
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9 — versions 0:7.4.13-8.GA_redhat_00001.1.el9eap, 0:1.15.20-1.Final_redhat_00001.1.el9eap
Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7 — versions 0:7.4.13-8.GA_redhat_00001.1.el7eap, 0:1.15.20-1.Final_redhat_00001.1.el7eap
Red Hat Jboss Enterprise Application Platform 8
Redhat Enterprise_linux — versions 7.0, 8.0, 9.0
Redhat Jboss_enterprise_application_platform — versions 7.4
Redhat Wildfly_core

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vdb-entry, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Issue Tracking)

Frequently asked questions

What is CVE-2023-4061?: CVE-2023-4061 is a medium-severity vulnerability in Red Hat Jboss Enterprise Application Platform 7, classified under Information Disclosure. CVSS score: 6.5/10. Published 2023-11-08.
How severe is CVE-2023-4061?: Medium severity. CVSS v3 base score is 6.5 out of 10.