vulnerability

Red Hat JBoss EAP: CVE-2020-10740: Deserialization of Untrusted Data

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:S/C:P/I:P/A:P)	Jun 2, 2020	Sep 19, 2024	Jul 9, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:P)

Published

Jun 2, 2020

Added

Sep 19, 2024

Modified

Jul 9, 2025

Description

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.. A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity.

Solution

red-hat-jboss-eap-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today