Vulnerability details: VCID-fsus-typ4-aaam
Vulnerability ID VCID-fsus-typ4-aaam
Aliases CVE-2020-14297
GHSA-qcch-9268-59jw
Summary A flaw was discovered in WildFly's EJB Client as shipped with Red Hat JBoss EAP 7, where certain EJB transaction objects may accumulate over time, causing services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2020:3141
rhas Important https://access.redhat.com/errata/RHSA-2020:3142
rhas Important https://access.redhat.com/errata/RHSA-2020:3143
rhas Important https://access.redhat.com/errata/RHSA-2020:3144
rhas Important https://access.redhat.com/errata/RHSA-2020:3461
rhas Important https://access.redhat.com/errata/RHSA-2020:3462
rhas Important https://access.redhat.com/errata/RHSA-2020:3463
rhas Important https://access.redhat.com/errata/RHSA-2020:3464
rhas Important https://access.redhat.com/errata/RHSA-2020:3501
rhas Important https://access.redhat.com/errata/RHSA-2020:3539
rhas Important https://access.redhat.com/errata/RHSA-2020:3637
rhas Important https://access.redhat.com/errata/RHSA-2020:3638
rhas Important https://access.redhat.com/errata/RHSA-2020:3639
rhas Important https://access.redhat.com/errata/RHSA-2020:3642
rhas Moderate https://access.redhat.com/errata/RHSA-2020:3817
rhas Moderate https://access.redhat.com/errata/RHSA-2021:3140
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14297.json
cvssv3.1 6.5 https://access.redhat.com/solutions/21906
generic_textual MODERATE https://access.redhat.com/solutions/21906
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2020-14297
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2020-14297
epss 0.00384 https://api.first.org/data/v1/epss?cve=CVE-2020-14297
epss 0.00749 https://api.first.org/data/v1/epss?cve=CVE-2020-14297
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1853595
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-qcch-9268-59jw
cvssv3.1 6.5 https://github.com/wildfly/jboss-ejb-client
generic_textual MODERATE https://github.com/wildfly/jboss-ejb-client
cvssv3.1 6.5 https://github.com/wildfly/jboss-ejb-client/commit/e5f8e4b591f1698a53adc7e430584ca2a8fc9f1b
generic_textual MODERATE https://github.com/wildfly/jboss-ejb-client/commit/e5f8e4b591f1698a53adc7e430584ca2a8fc9f1b
cvssv3.1 6.5 https://github.com/wildfly/jboss-ejb-client/commits/4.0.34.Final
generic_textual MODERATE https://github.com/wildfly/jboss-ejb-client/commits/4.0.34.Final
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2020-14297
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14297
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-14297
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14297.json
https://access.redhat.com/solutions/21906
https://api.first.org/data/v1/epss?cve=CVE-2020-14297
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
https://github.com/wildfly/jboss-ejb-client
https://github.com/wildfly/jboss-ejb-client/commit/e5f8e4b591f1698a53adc7e430584ca2a8fc9f1b
https://github.com/wildfly/jboss-ejb-client/commits/4.0.34.Final
1853595 https://bugzilla.redhat.com/show_bug.cgi?id=1853595
cpe:2.3:a:redhat:amq:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:amq:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss-ejb-client:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss-ejb-client:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_continuous_delivery:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform_continuous_delivery:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
CVE-2020-14297 https://access.redhat.com/security/cve/CVE-2020-14297
CVE-2020-14297 https://nvd.nist.gov/vuln/detail/CVE-2020-14297
GHSA-qcch-9268-59jw https://github.com/advisories/GHSA-qcch-9268-59jw
RHSA-2020:3141 https://access.redhat.com/errata/RHSA-2020:3141
RHSA-2020:3142 https://access.redhat.com/errata/RHSA-2020:3142
RHSA-2020:3143 https://access.redhat.com/errata/RHSA-2020:3143
RHSA-2020:3144 https://access.redhat.com/errata/RHSA-2020:3144
RHSA-2020:3461 https://access.redhat.com/errata/RHSA-2020:3461
RHSA-2020:3462 https://access.redhat.com/errata/RHSA-2020:3462
RHSA-2020:3463 https://access.redhat.com/errata/RHSA-2020:3463
RHSA-2020:3464 https://access.redhat.com/errata/RHSA-2020:3464
RHSA-2020:3501 https://access.redhat.com/errata/RHSA-2020:3501
RHSA-2020:3539 https://access.redhat.com/errata/RHSA-2020:3539
RHSA-2020:3637 https://access.redhat.com/errata/RHSA-2020:3637
RHSA-2020:3638 https://access.redhat.com/errata/RHSA-2020:3638
RHSA-2020:3639 https://access.redhat.com/errata/RHSA-2020:3639
RHSA-2020:3642 https://access.redhat.com/errata/RHSA-2020:3642
RHSA-2020:3817 https://access.redhat.com/errata/RHSA-2020:3817
RHSA-2021:3140 https://access.redhat.com/errata/RHSA-2021:3140
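The references above point at the jboss-ejb-client commit and the 4.0.34.Final tag, which is what a practitioner needs to decide whether a build pulls in an affected upstream artifact. The script below is an added example, not VulnerableCode's or the WildFly project's own tooling. It assumes (from the reference URLs, not from any affected-version statement on this page) that upstream versions below 4.0.34.Final are affected, parses a constructed `mvn dependency:list` output, and deliberately refuses to classify Red Hat product builds (the `-redhat-NNNNN` suffix), because those receive backported fixes through the RHSA errata listed above rather than through upstream version bumps.

```python
"""Flag org.jboss:jboss-ejb-client dependencies below the referenced fix tag.

Added example, not VulnerableCode's or the WildFly project's own tooling.
Assumption: the fix is the 4.0.34.Final tag referenced on this page, so
upstream versions that sort below it are treated as affected.
"""
import re

GROUP_ARTIFACT = "org.jboss:jboss-ejb-client"
FIXED_VERSION = "4.0.34.Final"  # assumption: taken from the commits/4.0.34.Final reference

# Rough Maven-style qualifier ordering: pre-release < release < service pack.
_QUALIFIER_RANK = {"snapshot": 0, "alpha": 1, "beta": 2, "cr": 3, "rc": 3,
                   "": 4, "final": 4, "ga": 4, "sp": 5}


def version_key(version: str) -> tuple:
    """Sortable key for versions like '4.0.33.Final', '4.0.34.SP1', '4.0.34-SNAPSHOT'."""
    nums, qualifier, qual_num = [], "", 0
    for token in re.split(r"[.-]", version):
        if token.isdigit():
            nums.append(int(token))
            continue
        m = re.fullmatch(r"([A-Za-z]+)(\d*)", token)
        if m is None:
            raise ValueError(f"unrecognised version token {token!r} in {version!r}")
        qualifier, qual_num = m.group(1).lower(), int(m.group(2) or 0)
    if qualifier not in _QUALIFIER_RANK:
        raise ValueError(f"unknown qualifier {qualifier!r} in {version!r}")
    nums += [0] * (4 - len(nums))  # pad so 4.0.34 == 4.0.34.0
    return (tuple(nums), _QUALIFIER_RANK[qualifier], qual_num)


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'check-errata' for one jboss-ejb-client version."""
    # Red Hat product builds carry a -redhat-NNNNN suffix and receive fixes as
    # backports; compare them against the RHSA errata on this page, not upstream tags.
    if "-redhat-" in version:
        return "check-errata"
    return "affected" if version_key(version) < version_key(FIXED_VERSION) else "fixed"


# One resolved artifact line of `mvn dependency:list`: [INFO]    g:a:type:version:scope
_DEP_LINE = re.compile(
    r"^\[INFO\]\s+(?P<ga>[\w.-]+:[\w.-]+):(?P<type>[\w-]+):(?P<version>[^:\s]+):(?P<scope>\w+)"
)


def scan_dependency_list(text: str) -> dict:
    """Map each jboss-ejb-client version found in dependency:list output to its status."""
    results = {}
    for line in text.splitlines():
        m = _DEP_LINE.match(line)
        if m and m.group("ga") == GROUP_ARTIFACT:
            results[m.group("version")] = classify(m.group("version"))
    return results


# Constructed sample output; not captured from a real build.
SAMPLE = """\
[INFO] --- maven-dependency-plugin:3.1.2:list (default-cli) @ demo ---
[INFO] The following files have been resolved:
[INFO]    org.jboss:jboss-ejb-client:jar:4.0.33.Final:compile
[INFO]    org.jboss:jboss-ejb-client:jar:4.0.34.Final:compile
[INFO]    org.jboss:jboss-ejb-client:jar:4.0.33.Final-redhat-00001:compile
[INFO]    org.wildfly.common:wildfly-common:jar:1.5.4.Final:compile
"""

if __name__ == "__main__":
    for version, status in scan_dependency_list(SAMPLE).items():
        print(f"{GROUP_ARTIFACT}:{version} -> {status}")
```

Pipe real `mvn dependency:list` output into `scan_dependency_list` to use it on a project. The version ordering is a simplification of Maven's (numeric components first, then qualifier rank, then qualifier number), which is enough for the Final/SP/SNAPSHOT scheme this artifact uses; it raises on anything it does not recognise rather than silently reporting "fixed".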
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high
Found at:
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14297.json
https://access.redhat.com/solutions/21906
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
https://github.com/wildfly/jboss-ejb-client
https://github.com/wildfly/jboss-ejb-client/commit/e5f8e4b591f1698a53adc7e430584ca2a8fc9f1b
https://github.com/wildfly/jboss-ejb-client/commits/4.0.34.Final
https://nvd.nist.gov/vuln/detail/CVE-2020-14297

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P (CVSS v2) Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14297
Access Vector (AV): network; Access Complexity (AC): low; Authentication (Au): single; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): partial

Exploit Prediction Scoring System (EPSS)
Percentile 0.31075
EPSS Score 0.00068
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.