What is CVE-2021-20250?

CVE-2021-20250 is a medium-severity vulnerability in Redhat Jboss-ejb-client, classified under Information Disclosure. CVSS score: 4.3/10. Published 2021-05-13.

How severe is CVE-2021-20250?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Information disclosure in Redhat Jboss-ejb-client

CVE-2021-20250

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

Vulnerability class: Information Disclosure

EPSS: 0.007 (49.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Redhat Jboss-ejb-client
Redhat Jboss_enterprise_application_platform_expansion_pack
N/a Wildfly — versions jboss-ejb-client 4.0.39

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secalert@redhat.com (x_refsource_MISC, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2021-20250?: CVE-2021-20250 is a medium-severity vulnerability in Redhat Jboss-ejb-client, classified under Information Disclosure. CVSS score: 4.3/10. Published 2021-05-13.
How severe is CVE-2021-20250?: Medium severity. CVSS v3 base score is 4.3 out of 10.