CVE-2021-20250
JBoss EJB Client information disclosure vulnerability
4.3
MEDIUM
CVSS 3.1
EPSS 0.29%
Description
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
How to fix CVE-2021-20250
To remediate CVE-2021-20250, upgrade the affected package to a fixed version below.
- —upgrade to 4.0.39 or later
Is CVE-2021-20250 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.0.39
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |