PT-2021-10080 · Red Hat · Wildfly

Author: Pedro Sampaio · Published: 2021-06-07 · Updated: 2024-03-06 · CVE-2020-1719

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Vulnerable software and affected versions: WildFly versions prior to 20.0.0.Final
Description: A flaw was found in the handling of the EJBContext principal: after one EJB invokes another EJB that uses a different Security Domain, the principal is not popped back to the caller's original principal. The highest threat from this issue is to data confidentiality and integrity.
Recommendations: For versions prior to 20.0.0.Final, update to WildFly 20.0.0.Final or later to resolve the issue. As a temporary workaround, restrict invocations between EJBs that use different Security Domains to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

BIT-WILDFLY-2020-1719
CVE-2020-1719
GHSA-P9CF-QJXQ-VXW6
RHSA-2020:2058
RHSA-2020:2059
RHSA-2020:2060
RHSA-2020:2511
RHSA-2020:2512
RHSA-2020:2513

Affected Products

Wildfly