CVE-2020-14297
Summary
| CVE | CVE-2020-14297 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-24 16:15:00 UTC |
| Updated | 2023-12-29 17:55:00 UTC |
| Description | A flaw was discovered in Wildfly's EJB Client, as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time and can cause services to slow down and eventually become unavailable. An attacker can take advantage of this flaw to cause a denial of service and make services unavailable. |
Risk And Classification
Problem Types: CWE-400
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Amq | 2.0 | All | All | All |
| Application | Redhat | Jboss-ejb-client | All | All | All | All |
| Application | Redhat | Jboss Enterprise Application Platform Continuous Delivery | - | All | All | All |
| Application | Redhat | Jboss Fuse | 6.0.0 | All | All | All |
| Application | Redhat | Openshift Application Runtimes | - | All | All | All |
| Application | Redhat | Single Sign-on | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal | MISC | access.redhat.com | |
| 1853595 – (CVE-2020-14297) CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service | MISC | bugzilla.redhat.com | |
| 1853595 – (CVE-2020-14297) CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.