CVE-2021-20250

{"id": "CVE-2021-20250", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2021-05-13T14:15:17.607", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1929479", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en wildfly. El cliente JBoss EJB presenta acciones privilegiadas de acceso p\u00fablico que pueden conllevar a una divulgaci\u00f3n de informaci\u00f3n en el servidor en el que est\u00e1 implementado. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos"}], "lastModified": "2022-08-05T16:00:31.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss-ejb-client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0F425F9-BB46-4AF7-8ACF-6C67F19BE15C", "versionEndExcluding": "4.0.39"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A24CBFB-4900-47A5-88D2-A44C929603DC"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}