CVE-2020-1719

Aliases: GHSA-p9cf-qjxq-vxw6, BIT-wildfly-2020-1719
Modified
Published: 07 Jun 2021, 16:23
Last modified: 04 Aug 2024, 06:46

Vulnerability Summary

  • Overall Risk (default): low, 22/100
  • CVSS Score: 5.5 MEDIUM, v2.0 (nvd)
  • EPSS Score: 0.12% LOW
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 07 Jun 2021, 16:23: Published. Vulnerability first disclosed
  • 04 Aug 2024, 06:46: Last Modified. Vulnerability information updated

Description

A flaw was found in WildFly. The EJBContext principal is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before WildFly 20.0.0.Final are affected.

CVSS Metrics

  • v3.1: MEDIUM, Score: 5.4, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • v2.0: MEDIUM, Score: 5.5, Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.12%, Percentile: 31%

Techniques & Countermeasures

  • CWE-270: Privilege Context Switching Error

    The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

Affected Systems

  • org.wildfly.bom:wildfly

    < 20.0.0.Final

  • redhat:wildfly

    < 20.0.0
