CVE-2020-14297

CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 51.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss-ejb-client RED HAT Wildfly Redhat AMQ +2 more

Timeline

PublishedJul 24

Latest updateMay 24

Description

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶NVDredhat/jboss-ejb-client1.0.0 — 4.0.34

▶Mavenorg.jboss:jboss-ejb-client< 4.0.34.Final

▶CVEListV5red_hat/wildflyjboss-ejb-client as shipped with Red Hat JBoss EAP 7

▶NVDredhat/jboss_fuse6.0.0

▶NVDredhat/amq2.0

🔴Vulnerability Details

GHSA

Wildfly EJB Client causes DoS↗2022-05-24

▶

OSV

Wildfly EJB Client causes DoS↗2022-05-24

▶

CVEList

CVE-2020-14297: A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated ove↗2020-07-24

▶

📋Vendor Advisories

Red Hat

wildfly: Some EJB transaction objects may get accumulated causing Denial of Service↗2020-07-23

▶

💬Community

Bugzilla

CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service↗2020-07-03

▶