CVE-2020-14297

Aliases: GHSA-qcch-9268-59jw
Advisory lineage Upstream: 0 Downstream: 9
Modified
Published: 24 Jul 2020, 15:37
Last modified: 15 Oct 2024, 17:14

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
v3.1 (cve.org)
EPSS Score
0.25% LOW
0% probability -0.13%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

24 Jul 2020, 15:37
Published
Vulnerability first disclosed
15 Oct 2024, 17:14
Last Modified
Vulnerability information updated

Description

A flaw was discovered in WildFly's EJB Client as shipped with Red Hat JBoss EAP 7, where certain EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can exploit this to cause a denial of service and make services unavailable.

CVSS Metrics

  • v3.1 MEDIUM Score: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • v2.0 MEDIUM Score: 4 AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.25% Percentile: 49%

Techniques & Countermeasures

  • CWE-400 Uncontrolled Resource Consumption

    The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

  • org.jboss jboss-ejb-client

    < 4.0.34.Final

  • red hat wildfly

    jboss-ejb-client as shipped with Red Hat JBoss EAP 7

  • redhat amq

    2.0

  • redhat jboss_enterprise_application_platform_continuous_delivery

    na

  • redhat jboss_fuse

    6.0.0

  • redhat jboss-ejb-client

    ≥ 1.0.0, < 4.0.34

  • redhat openshift_application_runtimes

    na

  • redhat single_sign-on

    7.0

References (24)