PT-2020-12305 · Red Hat · Wildfly

Guilherme De Almeida Suckevicz +1 · Published 2020-06-22 · Updated 2024-03-06 · CVE-2020-10740

CVSS v3.1: 7.5 (High)
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 20.0.0.Final
Description: A remote deserialization attack is possible against the Enterprise JavaBeans (EJB) subsystem of Wildfly, which deserialized the objects carried in remote EJB invocations without validating or filtering the classes being instantiated. A remote attacker holding only low privileges (PR:L in the vector) who can reach the EJB invocation endpoint can submit a crafted serialized object graph; the High confidentiality, integrity and availability impacts (C:H/I:H/A:H) reflect that a successful attack can compromise the server process. The High attack complexity (AC:H) indicates that exploitation also depends on conditions the attacker does not control, such as which classes are available for deserialization on the server.
Recommendations: For versions prior to 20.0.0.Final, update to 20.0.0.Final or later, which resolves the issue. As a temporary workaround, restrict access to the EJB components: do not expose the EJB invocation endpoint to untrusted networks and limit which authenticated principals may invoke remote beans. Because the vector requires only low privileges (PR:L), authentication alone is not sufficient; any client allowed to reach the endpoint can still send serialized data, so the workaround reduces exposure but does not remove the flaw.
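The weakness the description names, deserialization with no validation or filtering of incoming classes, shown beside the fix category it falls under, as an added example that is not part of this advisory or of Wildfly's own code. The unfiltered ObjectInputStream pattern is placed next to a JEP 290 allowlist filter (java.io.ObjectInputFilter, Java 9 or later) that rejects any class the service does not expect before an instance is created. The class names, the allowlist pattern and both payloads are constructed for the demo; UnexpectedType is a stand-in for an unwanted class, not a real gadget, and the EJB endpoint itself is not modelled.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class EjbPayloadFilterDemo {

    /** Hypothetical invocation argument that the server legitimately expects. */
    public static final class OrderRequest implements Serializable {
        private static final long serialVersionUID = 1L;
        final String orderId;
        OrderRequest(String orderId) { this.orderId = orderId; }
    }

    /** Hypothetical class the server never asked for; a placeholder, not a real gadget. */
    public static final class UnexpectedType implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    /** Serialize an object the way a remote caller's client library would. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Vulnerable pattern: every serializable class on the classpath can be instantiated. */
    static Object readUnfiltered(byte[] payload) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            return ois.readObject();
        }
    }

    /**
     * Hardened pattern: an allowlist. Only the expected request type (and String, which
     * some JDKs pass through the filter) is accepted; "!*" rejects everything else before
     * an instance is created or its readObject() runs. The limits bound resource use.
     * The pattern is constructed for this demo; a real one names the bean's actual types.
     */
    static final ObjectInputFilter EJB_ARG_FILTER = ObjectInputFilter.Config.createFilter(
            "EjbPayloadFilterDemo$OrderRequest;java.lang.String;maxdepth=5;maxarray=1000;!*");

    static Object readFiltered(byte[] payload) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            ois.setObjectInputFilter(EJB_ARG_FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed payloads: one the service expects, one it does not.
        byte[] legit = serialize(new OrderRequest("A-1001"));
        byte[] hostile = serialize(new UnexpectedType());

        // Unfiltered: both deserialize; the server has no say in what gets instantiated.
        System.out.println("unfiltered legit   -> " + readUnfiltered(legit).getClass().getSimpleName());
        System.out.println("unfiltered hostile -> " + readUnfiltered(hostile).getClass().getSimpleName());

        // Filtered: the expected type still works, the unexpected one is rejected up front.
        System.out.println("filtered legit     -> " + readFiltered(legit).getClass().getSimpleName());
        try {
            readFiltered(hostile);
            System.out.println("filtered hostile   -> accepted (filter misconfigured)");
        } catch (InvalidClassException e) {
            System.out.println("filtered hostile   -> rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac EjbPayloadFilterDemo.java && java EjbPayloadFilterDemo` on Java 9 or later. The allowlist should name exactly the types the bean interface exchanges; a broad entry such as `java.base/*` or `java.util.*` would readmit JDK classes that appear in known gadget chains. Where application code cannot be changed, the same pattern can be applied process-wide through the `jdk.serialFilter` system property, which also covers streams the application never touches directly.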

Weakness Enumeration

CWE-502: Deserialization of Untrusted Data

Related Identifiers

BIT-WILDFLY-2020-10740
CVE-2020-10740
GHSA-VRMW-2XHQ-HRMP
RHSA-2020:3141
RHSA-2020:3142
RHSA-2020:3461
RHSA-2020:3462
RHSA-2020:3463
RHSA-2020:3637
RHSA-2020:3638
RHSA-2020:3639
RHSA-2025:9582

Affected Products

Wildfly