CVE-2020-1732 vulnerability in Red Hat Products
Published on May 4, 2020

A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.

NVD

Vulnerability Analysis

CVE-2020-1732 is exploitable with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2020-1732 has been classified to as an Authorization vulnerability or weakness.

Products Associated with CVE-2020-1732

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Jboss Enterprise Application Platform

Red Hat Jboss Enterprise Application Platform Continuous Delivery

Red Hat Openshift Application Runtimes

Red Hat Soteria

Affected Versions

Red Hat Soteria Version before 1.0.1 is affected by CVE-2020-1732

Exploit Probability

EPSS

0.13%

Percentile

32.82%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.