Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-10740

Опубликовано: 02 июн. 2020
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.

Меры по смягчению последствий

There is currently no known mitigation for this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Data Grid 8wildflyNot affected
Red Hat Decision Manager 7wildflyNot affected
Red Hat JBoss Data Grid 7wildflyNot affected
Red Hat JBoss Data Virtualization 6jbossasOut of support scope
Red Hat JBoss Data Virtualization 6wildflyOut of support scope
Red Hat JBoss Enterprise Application Platform 5jbossasOut of support scope
Red Hat JBoss Enterprise Application Platform 6jbossasOut of support scope
Red Hat JBoss Fuse 6wildflyFix deferred
Red Hat JBoss Operations Network 3wildflyOut of support scope
Red Hat JBoss SOA Platform 5jbossasOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=1834512wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

EPSS

Процентиль: 58%
0.00373
Низкий

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-10740

CVSS3: 6.6
nvd
больше 5 лет назад

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.

debian логотип

CVE-2020-10740

CVSS3: 6.6
debian
больше 5 лет назад

A vulnerability was found in Wildfly in versions before 20.0.0.Final, ...

github логотип

GHSA-vrmw-2xhq-hrmp

CVSS3: 7.5
github
больше 3 лет назад

Wildfly Unsafe Deserialization Vulnerability

EPSS

Процентиль: 58%
0.00373
Низкий

7.5 High

CVSS3

Уязвимость CVE-2020-10740