CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20250 – wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client
https://notcve.org/view.php?id=CVE-2021-20250
16 Mar 2021 — A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality. Se encontró un fallo en wildfly. El cliente JBoss EJB presenta acciones privilegiadas de acceso público que pueden conllevar a una divulgación de información en el servidor en el que está implementado. • https://bugzilla.redhat.com/show_bug.cgi?id=1929479 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-14297 – wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
https://notcve.org/view.php?id=CVE-2020-14297
24 Jul 2020 — A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable. Se detectó un fallo en Wildfly's EJB Client que se incluyó con Red Hat JBoss EAP 7, donde algunos objetos de transacción EJB específicos pueden ser acumulados con el tiempo y pueden causar q... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297 • CWE-400: Uncontrolled Resource Consumption •