CVE-2021-20250
Published May 13, 2021
Last updated 2 years ago
Overview
- Description
- A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss-ejb-client:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0F425F9-BB46-4AF7-8ACF-6C67F19BE15C",
"versionEndExcluding": "4.0.39"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A24CBFB-4900-47A5-88D2-A44C929603DC"
}
],
"operator": "OR"
}
]
}
]