CVE-2021-20250

Aliases:GHSA-2259-h742-5vr4
Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 13 May 2021, 13:35
Last modified:03 Aug 2024, 17:37

Vulnerability Summary

Overall Risk (default)
low
17/100
CVSS Score
4.3 MEDIUM
v3.1 (nvd)
EPSS Score
0.29% LOW
0% probability +0.12%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

13 May 2021, 13:35
Published
Vulnerability first disclosed
03 Aug 2024, 17:37
Last Modified
Vulnerability information updated

Description

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

CVSS Metrics

  • v3.1MEDIUMScore: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • v2.0MEDIUMScore: 4AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.29% Percentile: 53%

Techniques & Countermeasures

  • CWE-200Exposure of Sensitive Information to an Unauthorized Actor

    The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

  • org.jbossjboss-ejb-client

    < 4.0.39

  • redhatjboss_enterprise_application_platform_expansion_pack

    na

  • redhatjboss-ejb-client

    < 4.0.39

References (2)