CVE-2019-10212

high-risk

Published 2019-10-02

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

Do I need to act?

0.45% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Fix available

Upgrade to: c2355785e6b08286cdfcb660c15c675d447c9d17

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (13)

Undertow

Jboss Data Grid

Jboss Enterprise Application Platform

Jboss Fuse

Openshift Application Runtimes

Single Sign-On

Active Iq Unified Manager

Jboss Enterprise Application Platform

Affected Vendors

Redhat Netapp

References (8)

Vendor Advisory https://access.redhat.com/errata/RHSA-2019:2998

Vendor Advisory https://access.redhat.com/errata/RHSA-2020:0727

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212

Third Party Advisory https://security.netapp.com/advisory/ntap-20220210-0017/

Vendor Advisory https://access.redhat.com/errata/RHSA-2019:2998

Vendor Advisory https://access.redhat.com/errata/RHSA-2020:0727

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10212

Third Party Advisory https://security.netapp.com/advisory/ntap-20220210-0017/

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 17/34 · Moderate