CVE-2020-14297 MEDIUM

Vendor Red Hat
Product wildfly
Weakness CWE-400
Published July 24, 2020
Last update October 15, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

A flaw was discovered in WildFly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time and can cause services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable.

Key dates

02 Disclosure timeline

July 24, 2020 CVE published
October 15, 2024 Record updated