CVE-2019-3894 vulnerability in Red Hat Products
Published on May 3, 2019
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.
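The identity reuse described above, modelled as an added Java example (a simplified sketch, not Elytron's code; the class, method and user names are hypothetical). A pooled worker keeps the identity that was current when it was created and applies it to later tasks while its keep-alive has not expired. Beside it is a wrapper that binds the submitter's identity to each task instead.

```java
import java.util.concurrent.*;

// Simplified model of the bug class; not Elytron's code. All names are hypothetical.
public class PooledIdentityDemo {
    // Identity of the caller currently executing on a given thread.
    static final ThreadLocal<String> CURRENT = ThreadLocal.withInitial(() -> "anonymous");

    // Flawed pattern: the factory runs on the submitting thread, captures that
    // caller's identity once, and the new worker runs every later task under it.
    static ThreadFactory capturingFactory() {
        return r -> {
            String creator = CURRENT.get();
            return new Thread(() -> { CURRENT.set(creator); r.run(); });
        };
    }

    // Corrected pattern: bind the submitter's identity to the task, not the
    // thread, and restore the worker's previous value when the task finishes.
    static <T> Callable<T> asSubmitter(Callable<T> task) {
        String submitter = CURRENT.get();   // captured at submit time
        return () -> {
            String previous = CURRENT.get();
            CURRENT.set(submitter);
            try { return task.call(); } finally { CURRENT.set(previous); }
        };
    }

    // Submits a task as `user` and returns the identity the task actually ran under.
    static String runAs(ExecutorService pool, String user, boolean hardened) throws Exception {
        CURRENT.set(user);                  // stands in for the caller authenticating
        Callable<String> whoAmI = CURRENT::get;
        Callable<String> task = hardened ? asSubmitter(whoAmI) : whoAmI;
        return pool.submit(task).get();
    }

    public static void main(String[] args) throws Exception {
        // A single non-core worker with a 60 s keep-alive: it is still alive,
        // and is reused, when the second and third tasks arrive.
        ExecutorService pool = new ThreadPoolExecutor(0, 1, 60, TimeUnit.SECONDS,
                new LinkedBlockingQueue<>(), capturingFactory());
        System.out.println("alice, first task (creates worker): ran as " + runAs(pool, "alice", false));
        System.out.println("bob, reused worker, flawed:         ran as " + runAs(pool, "bob", false));
        System.out.println("bob, reused worker, per-task bind:  ran as " + runAs(pool, "bob", true));
        pool.shutdown();
    }
}
```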
Weakness Type
Improperly Implemented Security Check for Standard
The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Products Associated with CVE-2019-3894
stack.watch emails you whenever new vulnerabilities are published in Red Hat JBoss Enterprise Application Platform or Red Hat WildFly.
Affected Versions
Red Hat WildFly versions from 11 to 16 are affected by CVE-2019-3894.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.