← Back to CVEs
CVE-2021-20250
MEDIUM4.3
Description
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
CVE Details
CVSS v3.1 Score4.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published5/13/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
redhat:jboss-ejb-clientredhat:jboss_enterprise_application_platform_expansion_pack
Weaknesses (CWE)
CWE-200CWE-200
References
https://bugzilla.redhat.com/show_bug.cgi?id=1929479(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1929479(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.