← back
CVE-2020-1732

CVE-2020-1732

CVSS 4.2 MEDIUMEPSS 0.7%CWE-284
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.2EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 May 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected products
Red Hat · Soteria

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54