nvd-json-data-feeds/CVE-2020/CVE-2020-142xx/CVE-2020-14297.json

{
  "id": "CVE-2020-14297",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2020-07-24T16:15:11.803",
  "lastModified": "2023-02-12T23:39:34.430",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un fallo en Wildfly's EJB Client que se incluy\u00f3 con Red Hat JBoss EAP 7, donde algunos objetos de transacci\u00f3n EJB espec\u00edficos pueden ser acumulados con el tiempo y pueden causar que los servicios se ralenticen y eventualmente no est\u00e9n disponibles. Un atacante puede tomar ventaja y causar un ataque de denegaci\u00f3n de servicio y hacer que los servicios no est\u00e9n disponibles"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      },
      {
        "source": "secalert@redhat.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "secalert@redhat.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:redhat:amq:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D3AF88-5812-4BB6-871F-C0EA39AD66AE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_continuous_delivery:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEFE06C8-4BF0-4EC0-A848-BF16CFCCDA57"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A33441B3-B301-426C-A976-08CE5FE72EFB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297",
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2020-14297",`
			`"sourceIdentifier": "secalert@redhat.com",`
			`"published": "2020-07-24T16:15:11.803",`
			`"lastModified": "2023-02-12T23:39:34.430",`
			`"vulnStatus": "Modified",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Se detect\u00f3 un fallo en Wildfly's EJB Client que se incluy\u00f3 con Red Hat JBoss EAP 7, donde algunos objetos de transacci\u00f3n EJB espec\u00edficos pueden ser acumulados con el tiempo y pueden causar que los servicios se ralenticen y eventualmente no est\u00e9n disponibles. Un atacante puede tomar ventaja y causar un ataque de denegaci\u00f3n de servicio y hacer que los servicios no est\u00e9n disponibles"`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 3.6`
			`},`
			`{`
			`"source": "secalert@redhat.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 3.6`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "SINGLE",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "PARTIAL",`
			`"baseScore": 4.0`
			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 8.0,`
			`"impactScore": 2.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "secalert@redhat.com",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-400"`
			`}`
			`]`
			`},`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-400"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:redhat:amq:2.0:::::::*",`
			`"matchCriteriaId": "B6D3AF88-5812-4BB6-871F-C0EA39AD66AE"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_continuous_delivery:-:::::::*",`
			`"matchCriteriaId": "BEFE06C8-4BF0-4EC0-A848-BF16CFCCDA57"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:::::::*",`
			`"matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:::::::*",`
			`"matchCriteriaId": "A33441B3-B301-426C-A976-08CE5FE72EFB"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:::::::*",`
			`"matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297",`
			`"source": "secalert@redhat.com",`
			`"tags": [`
			`"Issue Tracking",`
			`"Third Party Advisory"`
			`]`
			`}`
			`]`
			`}`