Denial of Service Vulnerability in Red Hat JBoss EAP's EJB Client
CVE-2020-14297

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Wildfly
Vendor: CVE Published:; 24 July 2020

Summary

A vulnerability in Red Hat JBoss EAP 7's EJB Client allows for the accumulation of certain EJB transaction objects over time, which can lead to significant service degradation. When exploited, this vulnerability can result in a denial of service attack, rendering services unavailable to legitimate users. Organizations using JBoss EAP 7 should assess their vulnerability status and implement recommended security measures to mitigate potential impacts.

Affected Version(s)

wildfly jboss-ejb-client as shipped with Red Hat JBoss EAP 7

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2020
Vulnerability Reserved
Jun 17, 2020