CVE-2021-20250 — Sensitive Information Exposure in Redhat Jboss-ejb-client
Severity
4.3 MEDIUM (NVD)
EPSS
0.2%
top 61.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 13
Latest update: May 24
Description
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4
Affected Packages: 2 packages
Vulnerability Details: 3
Vendor Advisories: 1
Red Hat
wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (2021-02-17)