CVE-2020-14297
moderate-risk
Published 2020-07-24
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.
Do I need to act?
-
0.25% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ LOW complexity
Affected Products (6)
Amq
Jboss-Ejb-Client
Jboss Enterprise Application Platform Continuous Delivery
Affected Vendors
References (2)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
38
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
1/34 · Minimal
Exposure
13/34 · Low