CVE-2020-14307 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-14307 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

EPSS 0.40% · 60.6th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.40%

60.6th percentile

Affected Products

Vendor	Product	Versions
redhat	amq	2.0
redhat	single_sign-on	7.0
redhat	jboss_fuse	6.0.0
Red Hat	wildfly	jboss-ejb-client versions shipped with Red Hat JBoss EAP 7
redhat	openshift_application_runtimes
redhat	jboss_enterprise_application_platform_continuous_delivery

Timeline

Jul 24, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Oct 7, 2022 CVE Updated

References

Open in Interactive Console →