CVE-2020-14307
published 2020-07-24
medium 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | wildfly | — | — |
| redhat | amq | — | — |
| redhat | jboss_fuse | — | — |
| redhat | single_sign-on | — | — |