AttackerKB AKB:9C1D0E92-46E7-498E-99D8-8198572E25E3
History: Jun 22, 2020 - 12:00 a.m.

CVE-2020-10740

2020-06-22 00:00:00
attackerkb.com

EPSS: 0.005 (Percentile: 75.3%)

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in Wildfly.

Recent assessments:

space-r7 at July 17, 2020 2:11pm UTC reported:

Versions of Wildfly below 20.0.0.Final can load arbitrary classes through either JNDI or EJB invocation, which could potentially result in RCE. Despite that, authentication is required, making exploitation all the more difficult.

Assessed Attacker Value: 3
