CVE-2021-20250 – org.jboss:jboss-ejb-client
Package
Manager: maven
Name: org.jboss:jboss-ejb-client
Vulnerable Version: >=0 <4.0.39
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00171 (percentile 0.38758)
Details
JBoss EJB Client information disclosure vulnerability. A flaw was found in WildFly. The JBoss EJB client has publicly accessible privileged actions, which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Metadata
Created: 2022-05-24T19:02:23Z
Modified: 2022-08-11T16:52:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2259-h742-5vr4/GHSA-2259-h742-5vr4.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-2259-h742-5vr4
Finding: F038
Auto approve: 1