Cybersecurity specialists reported the finding of multiple vulnerabilities in JBoss Enterprise Application Platform, the open source Java EE application server runtime tool used to build, deploy, and host Java applications and services maintained by Red Hat Inc. According to the report, successful exploitation of these flaws would enable the deployment of privilege escalations, brute force attacks, among other risk scenarios.
Below are brief descriptions of the reported flaws, in addition to their respective identification keys and scores according to the Common Vulnerability Scoring System (CVSS).
CVE-2020-8908: This flaw exists due to the existence of some incorrect default permissions for files located in the temporary directory set by Guava com.google.common.io.Files.createTempDir(). A threat actor with system access could access the contents of files and directories without restriction.
The vulnerability received a score of 3.9/10 and its exploitation would allow a local user to scale privileges on the system.
CVE-2020-10687: Incorrect validation of HTTP requests when processing HTTP/1.x and HTTP/2 requests would allow remote threat actors to send specially designed HTTP requests to the server to insert arbitrary headers.
The flaw received a CVSS score of 6.3/10.
CVE-2020-28052: A comparison error in the OpenBSDBCrypt.checkPassword() function in core/src/main/java/org/bouncycastle/crypto/generators/OpenBSDBCrypt.java matching passwords with hashing allows remote attackers to pass an incorrect password that will be accepted as valid by the library.
This allows you to evade the authentication process and gain unauthorized access to the application that uses the vulnerable version of Bouncy Castle. This flaw received a score of 7.1/10.
CVE-2020-35510: Insufficient validation of user input when processing EJB client requests would allow remote users to send a specially designed EJB message to the server in order to perform a denial of service (DoS) attack.
The flaw received a score of 6/10.
CVE-2021-20220: This vulnerability exists due to incorrect validation of HTTP requests when processing HTTP/1.x and HTTP/2 protocols. A remote malicious hacker can send a specially designed HTTP request to the server and smuggle arbitrary HTTP headers.
This is an average severity flaw that received a score of 6.3/10.
CVE-2021-20250: This flaw exists due to incorrect access restrictions, allowing unauthenticated remote attackers to gain unauthorized access to sensitive information.
The vulnerability received a score of 4.6/10 and its successful exploitation allows malicious hackers to gain unauthorized access to features that would otherwise be restricted
These flaws reside in the following versions of JBoss Enterprise Application Platform: 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, & 7.3.5.
While most of these flaws can be exploited remotely by unauthenticated threat actors, cybersecurity specialists have not detected exploit attempts in real-world scenarios or the existence of a malware variant associated with the attack.
Updates are now available, so users in affected deployments are encouraged to update as soon as possible. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.