CVE-2021-20250

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

Published: May 13, 2021
Updated: May 9, 2024
CVE: CVE-2021-20250
GHSA: GHSA-2259-h742-5vr4
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
redhat / jboss-ejb-client	-	4.0.39
org.jboss / jboss-ejb-client	-	4.0.39

https://bugzilla.redhat.com/show_bug.cgi?id=1929479

Vulnerability Database

289,599

CVE-2021-20250