{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T23:30:55.128","vulnerabilities":[{"cve":{"id":"CVE-2020-10718","sourceIdentifier":"secalert@redhat.com","published":"2020-09-16T19:15:13.210","lastModified":"2024-11-21T04:55:55.247","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is to confidentiality."},{"lang":"es","value":"Se encontró un fallo en Wildfly versiones anteriores a wildfly-embedded-13.0.0.Final, donde la API del proceso administrado incorporado presenta una configuración expuesta del Thread Context Classloader (TCCL). Esta configuración se expone como un método público, que puede omitir al administrador de seguridad. La mayor amenaza de esta vulnerabilidad es la confidencialidad"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B40CCE4F-EA2C-453D-BB76-6388767E5C6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:wildfly:*:*:*:*:*:*:*:*","versionEndExcluding":"13.0.0","matchCriteriaId":"53A3AB58-49BA-4A9E-9419-C2787118368C"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828476","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1828476","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}