Vulnerability Monitor


CVE-2020-14297

A flaw was discovered in WildFly's EJB Client as shipped with Red Hat JBoss EAP 7, where certain EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable.

Published

2020-07-24T16:15:11.803

Last Modified

2024-11-21T05:02:57.103

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-400
  • Type: Secondary
    CWE-400

Affected Vendors & Products

Type         Vendor   Product                                                   Version/Range   Vulnerable?
Application  redhat   amq                                                       2.0             Yes
Application  redhat   jboss-ejb-client                                          < 4.0.34        Yes
Application  redhat   jboss_enterprise_application_platform_continuous_delivery -               Yes
Application  redhat   jboss_fuse                                                6.0.0           Yes
Application  redhat   openshift_application_runtimes                            -               Yes
Application  redhat   single_sign-on                                            7.0             Yes

References