Red Hat JBoss EAP: CVE-2021-20250: Exposure of Sensitive Information to an Unauthorized Actor
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Feb 17, 2021 | Sep 19, 2024 | Mar 25, 2026 |
Description
A flaw was found in WildFly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-200
- CVE-2021-20250
- https://attackerkb.com/topics/CVE-2021-20250
- https://access.redhat.com/security/cve/CVE-2021-20250
- https://bugzilla.redhat.com/show_bug.cgi?id=1929479
- https://access.redhat.com/errata/RHSA-2021:0872
- https://access.redhat.com/errata/RHSA-2021:0873
- https://access.redhat.com/errata/RHSA-2021:0874
- https://access.redhat.com/errata/RHSA-2021:0885
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-1875