Description
A flaw was discovered in WildFly's EJB Client as shipped with Red Hat JBoss EAP 7, where certain EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can exploit this to mount a denial of service attack and make services unavailable.
References (1)
Core References
Issue Tracking, Third Party Advisory (x_refsource_confirm)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
Scores
CVSS v3
6.5
EPSS
0.0025
EPSS Percentile
48.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (7)
org.jboss/jboss-ejb-client
0 - 4.0.34.Final (Maven)
redhat/amq
2.0
redhat/jboss-ejb-client
1.0.0 - 4.0.34
redhat/jboss_enterprise_application_platform_continuous_delivery
redhat/jboss_fuse
6.0.0
redhat/openshift_application_runtimes
redhat/single_sign-on
7.0
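As an added example (written for this page, not code from the project or from Red Hat), the range listed for org.jboss/jboss-ejb-client can be turned into a check a build pipeline runs against the resolved dependency version. It assumes the upper bound 4.0.34.Final is inclusive, as the listing reads, and uses a simplified subset of Maven's version ordering. A vendor build suffix such as -redhat-00001 is compared on its numeric part only, so the check cannot tell whether a productized build carries a backported fix; for those the Red Hat errata are the authority.

```python
import re

# Affected upper bound as listed on this page for org.jboss/jboss-ejb-client.
# Assumption: the bound is inclusive, i.e. 4.0.34.Final is affected.
AFFECTED_MAX = "4.0.34.Final"

# Simplified subset of Maven's ComparableVersion qualifier ordering:
# pre-release qualifiers sort before a release; "Final", "GA" and no
# qualifier all mean the release; "sp" sorts after it. Unknown qualifiers
# (e.g. a vendor suffix like "redhat-00001") are ranked as a release, so
# they compare on the numeric part only.
_QUALIFIER_RANK = {
    "alpha": 0, "a": 0, "beta": 1, "b": 1, "milestone": 2, "m": 2,
    "rc": 3, "cr": 3, "snapshot": 4,
    "": 5, "final": 5, "ga": 5, "release": 5, "sp": 6,
}


def parse_version(version):
    """Split '4.0.34.Final-redhat-00001' into ((4, 0, 34), rank, qualifier)."""
    m = re.match(r"^(\d+(?:\.\d+)*)(?:[.-](.*))?$", version.strip())
    if not m:
        raise ValueError("unparseable Maven version: %r" % version)
    numbers = tuple(int(n) for n in m.group(1).split("."))
    qualifier = (m.group(2) or "").lower()
    # The leading alphabetic word decides the rank: "beta1" -> "beta",
    # "final-redhat-00001" -> "final".
    head = re.match(r"[a-z]*", qualifier).group(0)
    rank = _QUALIFIER_RANK.get(head, 5)
    return numbers, rank, qualifier


def compare(a, b):
    """Classic comparator: -1, 0 or 1. Trailing zeros are insignificant (4.0 == 4.0.0)."""
    na, ra, _ = parse_version(a)
    nb, rb, _ = parse_version(b)
    width = max(len(na), len(nb))
    na = na + (0,) * (width - len(na))
    nb = nb + (0,) * (width - len(nb))
    if na != nb:
        return -1 if na < nb else 1
    if ra != rb:
        return -1 if ra < rb else 1
    return 0


def is_affected(version, affected_max=AFFECTED_MAX):
    """True when version <= affected_max under the ordering above."""
    return compare(version, affected_max) <= 0


if __name__ == "__main__":
    # Constructed sample of resolved dependency versions, e.g. from `mvn dependency:list`.
    for v in ["4.0.33.Final", "4.0.34.Final", "4.0.34.Final-redhat-00001",
              "4.0.35.Final", "4.1.0.Beta1"]:
        print("%-28s affected=%s" % (v, is_affected(v)))
```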
Published
Jul 24, 2020
Tracked Since
Feb 18, 2026