CVE-2021-20250

Published: May 13, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

Affected (2)

Products: Redhat: Jboss Ejb Client, Jboss Enterprise Application Platform Expansion Pack

Redhat

2 products

Jboss Ejb Client

Jboss Enterprise Application Platform Expansion Pack

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Ejb Client	Before 4.0.39
Redhat Jboss Enterprise Application Platform Expansion Pack	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1929479

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1929479

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.