Description
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Decision Manager 7 | jboss-ejb-client | Not affected | | |
Red Hat Fuse 7 | jboss-ejb-client | Not affected | | |
Red Hat JBoss Data Grid 7 | jboss-ejb-client | Out of support scope | | |
Red Hat JBoss Enterprise Application Platform 6 | jboss-ejb-client | Out of support scope | | |
Red Hat JBoss Fuse 6 | jboss-ejb-client | Out of support scope | | |
Red Hat JBoss Fuse Service Works 6 | jboss-ejb-client | Out of support scope | | |
Red Hat JBoss Operations Network 3 | jboss-ejb-client | Out of support scope | | |
Red Hat OpenShift Application Runtimes | jboss-ejb-client | Not affected | | |
Red Hat Process Automation 7 | jboss-ejb-client | Not affected | | |
Red Hat EAP-XP 2.0.0 via EAP 7.3.x base | jboss-ejb-client | Fixed | RHSA-2021:2755 | 15.07.2021 |
Additional information
Status:
Moderate
Defect:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1929479
wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client
4.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 4.3
nvd
about 4 years ago
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
CVSS3: 4.3
debian
about 4 years ago
A flaw was found in wildfly. The JBoss EJB client has publicly accessi ...
CVSS3: 4.3
github
about 3 years ago
JBoss EJB Client information disclosure vulnerability