CVE-2020-14297 – org.jboss:jboss-ejb-client
Package
Manager: maven
Name: org.jboss:jboss-ejb-client
Vulnerable Version: >=0 <4.0.34.final
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00384 (percentile: 0.58861)
Details
Wildfly EJB Client causes DoS
A flaw was discovered in Wildfly's EJB Client, as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable.
Metadata
Created: 2022-05-24T17:24:17Z
Modified: 2023-08-22T21:54:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qcch-9268-59jw/GHSA-qcch-9268-59jw.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-qcch-9268-59jw
Finding: F002
Auto approve: 1