Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for kie-server by KIE

    CVE-2016-7043 (GCVE-0-2016-7043)

    Vulnerability from nvd – Published: 2019-05-15 15:46 – Updated: 2024-08-06 01:50
    VLAI
    Summary
    It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    KIE kie-server Affected: affects < 7.21.0.Final
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:50:47.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7043"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/kiegroup/droolsjbpm-integration/pull/1273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kie-server",
              "vendor": "KIE",
              "versions": [
                {
                  "status": "affected",
                  "version": "affects \u003c 7.21.0.Final"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-260",
                  "description": "CWE-260",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-15T15:46:17.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7043"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/kiegroup/droolsjbpm-integration/pull/1273"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-7043",
        "datePublished": "2019-05-15T15:46:17.000Z",
        "dateReserved": "2016-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:50:47.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7043 (GCVE-0-2016-7043)

    Vulnerability from cvelistv5 – Published: 2019-05-15 15:46 – Updated: 2024-08-06 01:50
    VLAI
    Summary
    It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    KIE kie-server Affected: affects < 7.21.0.Final
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:50:47.418Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7043"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/kiegroup/droolsjbpm-integration/pull/1273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "kie-server",
              "vendor": "KIE",
              "versions": [
                {
                  "status": "affected",
                  "version": "affects \u003c 7.21.0.Final"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-260",
                  "description": "CWE-260",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-15T15:46:17.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7043"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/kiegroup/droolsjbpm-integration/pull/1273"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-7043",
        "datePublished": "2019-05-15T15:46:17.000Z",
        "dateReserved": "2016-08-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:50:47.418Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }