Bug 13871

Summary: [CVE 21] jboss-ejb-client 2.1.4 CVEs found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: CONFIRMED ---
QA Contact: ROSA Linux Bugs <bugs>
Severity: normal
Priority: Normal
CC: e.kosachev, s.matveev, y.tumanov
Version: All
Flags: y.tumanov: secteam_verified?
Target Milestone: ---
Hardware: All
OS: Linux
URL: CVE-2021-20250,
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-10-18 20:27:05 MSK
Please patch CVEs for package jboss-ejb-client version 2.1.4
  
INFO (CVEs are): jboss-ejb-client 2.1.4
 cves found
CVE-2021-20250
Desc: A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-20250
Severity: MEDIUM
Comment 1 Vladimir Potapov 2023-10-20 17:02:35 MSK
*** Bug 13739 has been marked as a duplicate of this bug. ***