CVE-2020-14297

EPSS 0.38%
Published 24.07.2020 16:15:11
Last modified 21.11.2024 05:02:57
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Amq Version2.0

Redhat ≫ Jboss-ejb-client Version >= 1.0.0 < 4.0.34

Redhat ≫ Jboss Enterprise Application Platform Continuous Delivery Version-

Redhat ≫ Jboss Fuse Version6.0.0

Redhat ≫ Openshift Application Runtimes Version-

Redhat ≫ Single Sign-on Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.38%	0.567

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-14297

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14297

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14297

EUVD