GHSA-qcch-9268-59jw · Severity: medium · Ecosystem: maven — Wildfly EJB Client causes DoS
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.
Conclusion & alert: CVE-2020-14297 is rated Moderate Risk (49.4/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.20%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.25% | 1.20% | +0.95% |
| 2 | 2026-04-05 | 0.38% | 0.25% | -0.13% |
| 3 | 2025-11-21 | — | 0.38% | — |
Full EPSS history (14 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.5 | 3.1 | MEDIUM |
|
2.8 | 3.6 | [email protected] |
| 6.5 | 3.1 | MEDIUM |
|
2.8 | 3.6 | [email protected] |
| 4.0 | 2.0 | MEDIUM |
|
8.0 | 2.9 | [email protected] |
GHSA-qcch-9268-59jw · Severity: medium · Ecosystem: maven — Wildfly EJB Client causes DoS
| vendor | priority | summary | link |
|---|---|---|---|
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2020-14297 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| redhat | amq | 2.0 | cpe:2.3:a:redhat:amq:2.0:*:*:*:*:*:*:* |
| redhat | jboss-ejb-client | >= 1.0.0, < 4.0.34 | cpe:2.3:a:redhat:jboss-ejb-client:*:*:*:*:*:*:*:* |
| redhat | jboss_enterprise_application_platform_continuous_delivery | — | cpe:2.3:a:redhat:jboss_enterprise_application_platform_continuous_delivery:-:*:*:*:*:*:*:* |
| redhat | jboss_fuse | 6.0.0 | cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:* |
| redhat | openshift_application_runtimes | — | cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:* |
| redhat | single_sign-on | 7.0 | cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297 | Issue Tracking Third Party Advisory |