CVE-2019-3834
CVE-2019-3834 is a high-severity vulnerability rated 7.3/10 on the CVSS scale. It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. EPSS estimates a 1.01% chance of exploitation in the next 30 days.
Description
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Operations Network | > 3.2.1, < 3.3.11 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834 (Issue Tracking, Vendor Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
