CVE-2020-14297
CVE-2020-14297 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where certain EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can exploit this to cause a denial of service and make services unavailable. EPSS estimates a 1.20% chance of exploitation in the next 30 days.
Description
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where certain EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can exploit this to cause a denial of service and make services unavailable.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | AMQ | 2.0 |
| Red Hat | JBoss EJB Client | >= 1.0.0, < 4.0.34 |
| Red Hat | JBoss Enterprise Application Platform Continuous Delivery | All versions |
| Red Hat | JBoss Fuse | 6.0.0 |
| Red Hat | OpenShift Application Runtimes | All versions |
| Red Hat | Single Sign-On | 7.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297 (Issue Tracking, Third Party Advisory)
Source: NVD / NIST
