Vulnerability Description
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where certain EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Amq | 2.0 |
| Redhat | Jboss-Ejb-Client | >= 1.0.0, < 4.0.34 |
| Redhat | Jboss Enterprise Application Platform Continuous Delivery | - |
| Redhat | Jboss Fuse | 6.0.0 |
| Redhat | Openshift Application Runtimes | - |
| Redhat | Single Sign-On | 7.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2020-14297?
CVE-2020-14297 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where certain EJB transaction objects may accumulate over time and can cause services to slow down and...
How severe is CVE-2020-14297?
CVE-2020-14297 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-14297?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Amq, Redhat Jboss-Ejb-Client, Redhat Jboss Enterprise Application Platform Continuous Delivery, Redhat Jboss Fuse, Redhat Openshift Application Runtimes.