CVE-2020-1719

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
VendorProductVersion
redhatwildfly
𝑥
< 20.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1796617
https://bugzilla.redhat.com/show_bug.cgi?id=1796617