CVE-2021-20250
MEDIUM4.3EPSS 0.29%JBoss EJB Client information disclosure vulnerability
Published: 5/24/2022Modified: 11/8/2023
Also known as:GHSA-2259-h742-5vr4
Description
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Affected packages (1)
- Maven/org.jboss:jboss-ejb-clientfrom 0, < 4.0.39
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |