Denial of Service Vulnerability in Wildfly's Enterprise Java Beans from Red Hat
CVE-2020-14307

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Wildfly
Vendor: CVE Published:; 24 July 2020

Summary

A flaw in Wildfly's Enterprise Java Beans (EJB) found in Red Hat JBoss EAP 7 allows an attacker to potentially launch a denial of service attack. This occurs because SessionOpenInvocations are not removed from the remote InvocationTracker after a response is received by the EJB client and server, which can result in service unavailability.

Affected Version(s)

wildfly jboss-ejb-client versions shipped with Red Hat JBoss EAP 7

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14307

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2020
Vulnerability Reserved
Jun 17, 2020