What is CVE-2020-14297?

CVE-2020-14297 is a medium-severity vulnerability in Red Hat Wildfly, classified under Uncontrolled Resource Consumption. CVSS score: 6.5/10. Published 2020-07-24.

How severe is CVE-2020-14297?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Resource exhaustion in Red Hat Wildfly

CVE-2020-14297

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker ca…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.012 (64.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Red Hat Wildfly — versions jboss-ejb-client as shipped with Red Hat JBoss EAP 7
Redhat Amq — versions 2.0
Redhat Jboss-ejb-client
Redhat Jboss_enterprise_application_platform_continuous_delivery
Redhat Jboss_fuse — versions 6.0.0
Redhat Openshift_application_runtimes
Redhat Single_sign-on — versions 7.0

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2020-14297?: CVE-2020-14297 is a medium-severity vulnerability in Red Hat Wildfly, classified under Uncontrolled Resource Consumption. CVSS score: 6.5/10. Published 2020-07-24.
How severe is CVE-2020-14297?: Medium severity. CVSS v3 base score is 6.5 out of 10.