CVE-2020-14307

6.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Wildfly
Vendor: CVE Published:; 24 July 2020

Summary

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

Affected Version(s)

wildfly jboss-ejb-client versions shipped with Red Hat JBoss EAP 7

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14307

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2020
Vulnerability Reserved
Jun 17, 2020