// For flags

CVE-2019-3834

 

Severity Score

7.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.

Se detectó que la corrección para CVE-2014-0114 había sido revertido en JBoss Operations Network 3 (JON). Este fallo permite a atacantes manipular las propiedades de ClassLoader en un servidor vulnerable. Las explotaciones publicadas se basan en las propiedades de ClassLoader que están expuestas, como las de JON 3. Información adicional puede ser encontrada en el artículo de la base de conocimiento de Red Hat: https://access.redhat.com/site/solutions/869353. Tenga en cuenta que mientras varios productos publicaron parches para el fallo original de CVE-2014-0114, la reversión descrita por este fallo de CVE-2019-3834 solo ocurrió en JON 3.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-01-03 CVE Reserved
  • 2019-10-03 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834 2019-10-10
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
 Jboss Operations Network
Search vendor "Redhat" for product "Jboss Operations Network"
 > 3.2.1 < 3.3.11
Search vendor "Redhat" for product "Jboss Operations Network" and version " > 3.2.1 < 3.3.11"
-
Affected