{ "threat_severity" : "Moderate", "public_date" : "2021-02-17T00:00:00Z", "bugzilla" : { "description" : "wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client", "id" : "1929479", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1929479" }, "cvss3" : { "cvss3_base_score" : "4.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-200", "details" : [ "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.", "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality." ], "affected_release" : [ { "product_name" : "Red Hat EAP-XP 2.0.0 via EAP 7.3.x base", "release_date" : "2021-07-15T00:00:00Z", "advisory" : "RHSA-2021:2755", "cpe" : "cpe:/a:redhat:jbosseapxp", "package" : "jboss-ejb-client" }, { "product_name" : "Red Hat EAP-XP via EAP 7.3.x base", "release_date" : "2021-06-02T00:00:00Z", "advisory" : "RHSA-2021:2210", "cpe" : "cpe:/a:redhat:jbosseapxp", "package" : "jboss-ejb-client" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0885", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "package" : "jboss-ejb-client" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0872", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0873", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-activemq-artemis-0:2.9.0-9.redhat_00019.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-bouncycastle-0:1.68.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-guava-failureaccess-0:1.0.1-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-guava-libraries-0:30.1.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-hal-console-0:3.2.13-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-ironjacamar-0:1.4.27-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-ejb-client-0:4.0.39-1.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-logmanager-0:2.1.18-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-remoting-0:5.0.20-2.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-server-migration-0:1.7.2-5.Final_redhat_00006.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-narayana-0:5.9.11-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-undertow-0:2.0.34-1.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-0:7.3.6-1.GA_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-elytron-0:1.10.11-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-http-client-0:1.0.25-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-03-16T00:00:00Z", "advisory" : "RHSA-2021:0874", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-naming-client-0:1.0.14-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat Single Sign-On 7.4.6", "release_date" : "2021-03-23T00:00:00Z", "advisory" : "RHSA-2021:0974", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7", "package" : "jboss-ejb-client" } ], "package_state" : [ { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Not affected", "package_name" : "jboss-ejb-client", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Not affected", "package_name" : "jboss-ejb-client", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Out of support scope", "package_name" : "jboss-ejb-client", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "jboss-ejb-client", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "jboss-ejb-client", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "jboss-ejb-client", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Out of support scope", "package_name" : "jboss-ejb-client", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat OpenShift Application Runtimes", "fix_state" : "Not affected", "package_name" : "jboss-ejb-client", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "jboss-ejb-client", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-20250\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20250" ], "name" : "CVE-2021-20250", "csaw" : false }