Vulnerability Details CVE-2020-14307
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.6%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2020-14307
-
cpe:2.3:a:redhat:amq:2.0
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform_continuous_delivery:-
-
cpe:2.3:a:redhat:jboss_fuse:6.0.0
-
cpe:2.3:a:redhat:openshift_application_runtimes:-
-
cpe:2.3:a:redhat:single_sign-on:7.0