How severe is CVE-2019-14887?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2019-14887?

This is classified as CWE-757, which is a common weakness in software security.

CVE-2019-14887 - HIGH Severity | CVSS 7.4

Vulnerability Description

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.

Related Vulnerabilities

CVE-2017-9267

HIGH

CVSS:7.5(High)

In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.

CWE-7572017

CVE-2022-33160

HIGH

CVSS:7.5(High)

IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.

CWE-7572022

CVE-2022-23000

HIGH

CVSS:7.8(High)

The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdat...

CWE-7572022

CVE-2018-25029

HIGH

CVSS:8.1(High)

The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a differ...

CWE-7572018

CVE-2023-2974

HIGH

CVSS:8.1(High)

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the ...

CWE-7572023

CVE-2020-16200

MEDIUM

CVSS:6.5(Medium)

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influen...

CWE-7572020