Severity Rating: High

Software Affected

· JBoss Enterprise Application Platform 7.3 for RHEL 8 x86_64

· JBoss Enterprise Application Platform 7.3 for RHEL 7 x86_64

· JBoss Enterprise Application Platform 7.3 for RHEL 6 x86_64

· JBoss Enterprise Application Platform 6.4 for RHEL 7 x86_64

· JBoss Enterprise Application Platform 6.4 for RHEL 6 x86_64

· JBoss Enterprise Application Platform 6 for RHEL 7 x86_64

· JBoss Enterprise Application Platform 6 for RHEL 6 x86_64

· Keycloak versions prior to 11.0.0



Overview

A vulnerability has been reported in Red Hat JBoss Enterprise Application
Platform which could be exploited by a remote attacker to execute arbitrary
code on the target system.

Description

This vulnerability exists in Keycloak, as shipped with Red Hat JBoss Enterprise
Application Platform, due to a lack of checks in ObjectInputStream. A remote
attacker could exploit this vulnerability by injecting crafted serialized
Java objects, resulting in deserialization in a privileged context.



Successful exploitation of this vulnerability could allow the attacker to
execute arbitrary code on the target system.



Solution

Apply the appropriate updates as mentioned in the vendor advisory.




Vendor Information

Red Hat





References

Red Hat





CVE Name

CVE-2020-1714

About Cert Advisory

We have created this blog to provide the latest security advisories from India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.
