CVE-2020-14297

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Wildfly
Vendor: CVE Published:; 24 July 2020

Summary

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

Affected Version(s)

wildfly jboss-ejb-client as shipped with Red Hat JBoss EAP 7

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2020
Vulnerability Reserved
Jun 17, 2020