CVE-2021-20250
MEDIUM
JBoss EJB Client < 4.0.39 - Exposure of Sensitive Information via Privileged Actions
Title source: llm
Description
A flaw was found in WildFly. The JBoss EJB client has publicly accessible privileged actions, which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1929479
Scores
CVSS v3
4.3
EPSS
0.0029
EPSS Percentile
52.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
org.jboss/jboss-ejb-client
0 - 4.0.39 (Maven)
redhat/jboss-ejb-client
< 4.0.39
redhat/jboss_enterprise_application_platform_expansion_pack
Published
May 13, 2021
Tracked Since
Feb 18, 2026