CVE-2022-1278

WildFly: possible information disclosure

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

Se ha encontrado un fallo en WildFly, en el que un atacante puede visualizar los nombres de los despliegues, los endpoints y cualquier otro dato que pueda contener la carga útil de rastreo

A flaw was found in WildFly. This flaw allows an attacker to see deployment names, endpoints, and any other data the trace payload may contain.

AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.11.0 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service, information leakage, and traversal vulnerabilities.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-08 CVE Reserved
2022-09-13 CVE Published
2024-08-02 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-1188: Initialization of a Resource with an Insecure Default

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=2073401	2023-03-22
https://access.redhat.com/security/cve/CVE-2022-1278	2023-04-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Wildfly Search vendor "Redhat" for product "Wildfly"				< 27.0.0 Search vendor "Redhat" for product "Wildfly" and version " < 27.0.0"		-		Affected
Redhat Search vendor "Redhat"		Amq Search vendor "Redhat" for product "Amq"				2.0 Search vendor "Redhat" for product "Amq" and version "2.0"		-		Affected
Redhat Search vendor "Redhat"		Amq Online Search vendor "Redhat" for product "Amq Online"				-		-		Affected
Redhat Search vendor "Redhat"		Integration Camel K Search vendor "Redhat" for product "Integration Camel K"				-		-		Affected
Redhat Search vendor "Redhat"		Integration Service Registry Search vendor "Redhat" for product "Integration Service Registry"				-		-		Affected
Redhat Search vendor "Redhat"		Jboss A-mq Search vendor "Redhat" for product "Jboss A-mq"				7 Search vendor "Redhat" for product "Jboss A-mq" and version "7"		-		Affected
Redhat Search vendor "Redhat"		Jboss Enterprise Application Platform Expansion Pack Search vendor "Redhat" for product "Jboss Enterprise Application Platform Expansion Pack"				-		-		Affected
Redhat Search vendor "Redhat"		Single Sign-on Search vendor "Redhat" for product "Single Sign-on"				7.0 Search vendor "Redhat" for product "Single Sign-on" and version "7.0"		-		Affected