Vulnerabilities > CVE-2020-10740 - Deserialization of Untrusted Data vulnerability in Redhat Wildfly

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

redhat

CWE-502

NVD

Published: 2020-06-22

Updated: 2023-11-07

Summary

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Wildfly - Redhat Wildfly 7.2.0 Redhat Wildfly 7.2.3 Redhat Wildfly 7.2.5 Redhat Wildfly 8.0.0 Redhat Wildfly 8.1.0 Redhat Wildfly 8.2.0 Redhat Wildfly 8.2.1 Redhat Wildfly 9.0.0 Redhat Wildfly 9.0.1 Redhat Wildfly 9.0.2 Redhat Wildfly 10.0.0 Redhat Wildfly 10.1.0 Redhat Wildfly 10.1.2 Redhat Wildfly 11.0.0 Redhat Wildfly 12.0.0 Redhat Wildfly 13.0.0 Redhat Wildfly 14.0.0 Redhat Wildfly 14.0.1 Redhat Wildfly 15.0.0 Redhat Wildfly 15.0.1 Redhat Wildfly 16.0.0 Redhat Wildfly 17.0.0 Redhat Wildfly 17.0.1 Redhat Wildfly 18.0.0 Redhat Wildfly 18.0.1 Redhat Wildfly 19.0.0 Redhat Wildfly 19.1.0	58

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10740