Executive Summary

Title Red Hat Data Grid 7.3.4 security update
Name RHSA-2020:0728 First vendor Publication 2020-03-05
Vendor RedHat Last vendor Modification 2020-03-05
Severity (Vendor) N/A Revision 01

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Overall CVSS Score 4.9
Base Score 4.9 Environmental Score 4.9
impact SubScore 3.6 Temporal Score 4.9
Exploitabality Sub Score 1.2
Attack Vector Network Attack Complexity Low
Privileges Required High User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact High Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:P/A:N)
Cvss Base Score 4 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores


Problem Description:

An update for Red Hat Data Grid is now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.

This release of Red Hat Data Grid 7.3.4 serves as a replacement for Red Hat Data Grid 7.3.3 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.

Security Fix(es):

* wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

To install this update, do the following:

1. Download the Data Grid 7.3.4 server patch from the customer portal. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 7.3.4 server patch. Refer to the 7.3 Release Notes for patching instructions. 4. Restart Data Grid to ensure the changes take effect.

4. Bugs fixed (https://bugzilla.redhat.com/):

1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default

5. References:

https://access.redhat.com/security/cve/CVE-2019-14838 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=70381&product=data.grid&version=7.3&downloadType=patches https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2020-0728.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-269 Improper Privilege Management

CPE : Common Platform Enumeration

Application 1
Application 1
Application 8

Alert History

If you want to see full details history, please login or register.
Date Informations
2020-05-23 13:03:45
  • Multiple Updates
2020-03-19 13:20:04
  • First insertion