Lucene search

GoogleOSV:GHSA-QCCH-9268-59JW

HistoryMay 24, 2022 - 5:24 p.m.

Wildfly EJB Client causes DoS

2022-05-2417:24:17

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.7%

JSON

A flaw was discovered in Wildfly’s EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventually unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

CPENameOperatorVersion
org.jboss:jboss-ejb-clienteq4.0.0.Beta10
org.jboss:jboss-ejb-clienteq4.0.0.Beta27
org.jboss:jboss-ejb-clienteq1.0.30.Final
org.jboss:jboss-ejb-clienteq4.0.26.Final
org.jboss:jboss-ejb-clienteq4.0.0.Beta4
org.jboss:jboss-ejb-clienteq1.0.2.Final
org.jboss:jboss-ejb-clienteq2.0.0.Beta5
org.jboss:jboss-ejb-clienteq4.0.17.Final
org.jboss:jboss-ejb-clienteq4.0.0.Beta9
org.jboss:jboss-ejb-clienteq4.0.0.CR1

Name	Operator	Version
org.jboss:jboss-ejb-client	eq	4.0.0.Beta10
org.jboss:jboss-ejb-client	eq	4.0.0.Beta27
org.jboss:jboss-ejb-client	eq	1.0.30.Final
org.jboss:jboss-ejb-client	eq	4.0.26.Final
org.jboss:jboss-ejb-client	eq	4.0.0.Beta4
org.jboss:jboss-ejb-client	eq	1.0.2.Final
org.jboss:jboss-ejb-client	eq	2.0.0.Beta5
org.jboss:jboss-ejb-client	eq	4.0.17.Final
org.jboss:jboss-ejb-client	eq	4.0.0.Beta9
org.jboss:jboss-ejb-client	eq	4.0.0.CR1

Rows per page:

1-10 of 1521

References

access.redhat.com/errata/RHSA-2020:3141

access.redhat.com/errata/RHSA-2020:3142

access.redhat.com/errata/RHSA-2020:3143

access.redhat.com/errata/RHSA-2020:3144

access.redhat.com/errata/RHSA-2020:3461

access.redhat.com/errata/RHSA-2020:3462

access.redhat.com/errata/RHSA-2020:3463

access.redhat.com/errata/RHSA-2020:3464

access.redhat.com/errata/RHSA-2020:3501

access.redhat.com/errata/RHSA-2020:3539

access.redhat.com/errata/RHSA-2020:3637

access.redhat.com/errata/RHSA-2020:3638

access.redhat.com/errata/RHSA-2020:3639

access.redhat.com/errata/RHSA-2020:3642

access.redhat.com/errata/RHSA-2020:3817

access.redhat.com/errata/RHSA-2021:3140

access.redhat.com/security/cve/CVE-2020-14297

access.redhat.com/solutions/21906

bugzilla.redhat.com/show_bug.cgi?id=1853595

bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297

github.com/wildfly/jboss-ejb-client

github.com/wildfly/jboss-ejb-client/commit/e5f8e4b591f1698a53adc7e430584ca2a8fc9f1b

github.com/wildfly/jboss-ejb-client/commits/4.0.34.Final

nvd.nist.gov/vuln/detail/CVE-2020-14297

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

28.7%

JSON

Related for OSV:GHSA-QCCH-9268-59JW