What is CVE-2023-4503?

CVE-2023-4503 is a medium-severity vulnerability in Red Hat Eap 7.4.14, classified under Improper Initialization. CVSS score: 6.8/10. Published 2024-02-06.

How severe is CVE-2023-4503?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Is CVE-2023-4503 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Red Hat Eap 7.4.14

CVE-2023-4503

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available fro…

Vulnerability class: Dirty Pipe (CVE-2022-0847)

EPSS: 0.007 (49.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Red Hat Eap 7.4.14
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8 — versions 0:2.2.28-1.SP1_redhat_00001.1.el8eap, 0:7.4.14-5.GA_redhat_00002.1.el8eap
Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9 — versions 0:2.2.28-1.SP1_redhat_00001.1.el9eap, 0:7.4.14-5.GA_redhat_00002.1.el9eap
Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7 — versions 0:2.2.28-1.SP1_redhat_00001.1.el7eap, 0:7.4.14-5.GA_redhat_00002.1.el7eap
Red Hat Jboss Enterprise Application Platform Expansion Pack
Redhat Enterprise_linux — versions 7.0, 8.0, 9.0
Redhat Jboss_enterprise_application_platform — versions 7.4
Redhat Jboss_enterprise_application_platform_expansion_pack

Weakness classification (CWE)

CWE-665 — Improper Initialization

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vdb-entry, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking, Issue Tracking)

Frequently asked questions

What is CVE-2023-4503?: CVE-2023-4503 is a medium-severity vulnerability in Red Hat Eap 7.4.14, classified under Improper Initialization. CVSS score: 6.8/10. Published 2024-02-06.
How severe is CVE-2023-4503?: Medium severity. CVSS v3 base score is 6.8 out of 10.
Is CVE-2023-4503 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.