CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 28.7%

A flaw was discovered in WildFly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | org.jboss:jboss-ejb-client | lt | 4.0.34.Final |
access.redhat.com/errata/RHSA-2020:3141
access.redhat.com/errata/RHSA-2020:3142
access.redhat.com/errata/RHSA-2020:3143
access.redhat.com/errata/RHSA-2020:3144
access.redhat.com/errata/RHSA-2020:3461
access.redhat.com/errata/RHSA-2020:3462
access.redhat.com/errata/RHSA-2020:3463
access.redhat.com/errata/RHSA-2020:3464
access.redhat.com/errata/RHSA-2020:3501
access.redhat.com/errata/RHSA-2020:3539
access.redhat.com/errata/RHSA-2020:3637
access.redhat.com/errata/RHSA-2020:3638
access.redhat.com/errata/RHSA-2020:3639
access.redhat.com/errata/RHSA-2020:3642
access.redhat.com/errata/RHSA-2020:3817
access.redhat.com/errata/RHSA-2021:3140
access.redhat.com/security/cve/CVE-2020-14297
access.redhat.com/solutions/21906
bugzilla.redhat.com/show_bug.cgi?id=1853595
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
github.com/advisories/GHSA-qcch-9268-59jw
github.com/wildfly/jboss-ejb-client/commit/e5f8e4b591f1698a53adc7e430584ca2a8fc9f1b
github.com/wildfly/jboss-ejb-client/commits/4.0.34.Final
nvd.nist.gov/vuln/detail/CVE-2020-14297