{"containers": {"cna": {"affected": [{"product": "wildfly", "vendor": "n/a", "versions": [{"status": "affected", "version": "jboss-ejb-client 4.0.39"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-13T13:35:25", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-20250", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "wildfly", "version": {"version_data": [{"version_value": "jboss-ejb-client 4.0.39"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:37:23.015Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-20250", "datePublished": "2021-05-13T13:35:25", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:37:23.015Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss-ejb-client:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0F425F9-BB46-4AF7-8ACF-6C67F19BE15C", "versionEndExcluding": "4.0.39", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A24CBFB-4900-47A5-88D2-A44C929603DC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en wildfly. El cliente JBoss EJB presenta acciones privilegiadas de acceso p\u00fablico que pueden conllevar a una divulgaci\u00f3n de informaci\u00f3n en el servidor en el que est\u00e1 implementado. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos"}], "id": "CVE-2021-20250", "lastModified": "2022-08-05T16:00:31.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-13T14:15:17.607", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2755", "cpe": "cpe:/a:redhat:jbosseapxp", "package": "jboss-ejb-client", "product_name": "Red Hat EAP-XP 2.0.0 via EAP 7.3.x base", "release_date": "2021-07-15T00:00:00Z"}, {"advisory": "RHSA-2021:2210", "cpe": "cpe:/a:redhat:jbosseapxp", "package": "jboss-ejb-client", "product_name": "Red Hat EAP-XP via EAP 7.3.x base", "release_date": "2021-06-02T00:00:00Z"}, {"advisory": "RHSA-2021:0885", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "package": "jboss-ejb-client", "product_name": "Red Hat JBoss Enterprise Application Platform 7.1.0", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0872", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0873", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0874", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package": "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date": "2021-03-16T00:00:00Z"}, {"advisory": "RHSA-2021:0974", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "package": "jboss-ejb-client", "product_name": "Red Hat Single Sign-On 7.4.6", "release_date": "2021-03-23T00:00:00Z"}], "bugzilla": {"description": "wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client", "id": "1929479", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.", "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality."], "name": "CVE-2021-20250", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "jboss-ejb-client", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "jboss-ejb-client", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "jboss-ejb-client", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "jboss-ejb-client", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "jboss-ejb-client", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "jboss-ejb-client", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Out of support scope", "package_name": "jboss-ejb-client", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "jboss-ejb-client", "product_name": "Red Hat OpenShift Application Runtimes"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "jboss-ejb-client", "product_name": "Red Hat Process Automation 7"}], "public_date": "2021-02-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-20250\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20250"], "threat_severity": "Moderate", "upstream_fix": "jboss-ejb-client 4.0.39"}