CVE-2020-14297

EPSS 0.38%
Veröffentlicht 24.07.2020 16:15:11
Zuletzt bearbeitet 21.11.2024 05:02:57
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Amq Version2.0

Redhat ≫ Jboss-ejb-client Version >= 1.0.0 < 4.0.34

Redhat ≫ Jboss Enterprise Application Platform Continuous Delivery Version-

Redhat ≫ Jboss Fuse Version6.0.0

Redhat ≫ Openshift Application Runtimes Version-

Redhat ≫ Single Sign-on Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.567

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
secalert@redhat.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-14297

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14297

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14297

EUVD