Vulnerability CVE-2020-14297

Published: 2020-07-24

Description:
A flaw was discovered in WildFly's EJB Client as shipped with Red Hat JBoss EAP 7, where certain EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and render the services unavailable.

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial
Affected software:
Redhat -> AMQ
Redhat -> Jboss enterprise application platform continuous delivery
Redhat -> Jboss fuse
Redhat -> Openshift application runtimes
Redhat -> Single sign-on

References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297

Copyright 2022, cxsecurity.com