{"id":"CVE-2020-10714","details":"A flaw was found in WildFly Elytron versions 1.11.3.Final and earlier. When WildFly Elytron FORM authentication is used with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.","aliases":["GHSA-7fhr-2694-rg79"],"modified":"2026-05-15T12:04:02.742468263Z","published":"2020-09-23T13:15:15.233Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"12.0"}],"source":"CPE_FIELD","vendor_product":"redhat:codeready_studio"},{"cpes":["cpe:2.3:a:redhat:descision_manager:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0"}],"source":"CPE_FIELD","vendor_product":"redhat:descision_manager"},{"cpes":["cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0.0"}],"source":"CPE_FIELD","vendor_product":"redhat:jboss_fuse"},{"cpes":["cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0"}],"source":"CPE_FIELD","vendor_product":"redhat:process_automation"}]},"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20201223-0002/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1825714"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}