A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7: certain EJB transaction objects are never released and accumulate over time, causing the affected services to slow down and eventually become unavailable. An attacker who can drive EJB transactions through the client can exploit this to cause a denial of service.
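A practical way to check a running EAP instance for the kind of accumulation described above is to take several `jcmd <pid> GC.class_histogram` snapshots a few minutes apart under steady EJB transaction load and look for classes whose live-instance count rises in every snapshot. The script below is an added example, not code from this advisory or from the jboss-ejb-client project. It assumes the standard `jcmd GC.class_histogram` row layout (`num: #instances #bytes class-name`); the embedded snapshots are constructed sample input, and the class name `com.example.tx.PlaceholderTxHandle` is a placeholder, since the advisory does not name the leaking classes.

```python
"""Flag JVM classes whose live-instance count grows across successive
jcmd GC.class_histogram snapshots (added example, not jboss-ejb-client code)."""
import re
from typing import Dict, List, Tuple

# One histogram row, e.g. "   2:      20000     480000  java.lang.String (java.base@11.0.8)"
_ROW = re.compile(r"^\s*\d+:\s+(\d+)\s+(\d+)\s+(\S+)")

# Constructed sample snapshots (assumed format of `jcmd <pid> GC.class_histogram`).
# Only the placeholder transaction class rises monotonically across all three.
SNAPSHOT_1 = """\
 num     #instances         #bytes  class name (module)
-------------------------------------------------------
   1:        50000        1200000  [B (java.base@11.0.8)
   2:        20000         480000  java.lang.String (java.base@11.0.8)
   3:         1200          57600  com.example.tx.PlaceholderTxHandle
   4:          800          25600  java.util.HashMap$Node (java.base@11.0.8)
Total        72000        1763200
"""
SNAPSHOT_2 = """\
 num     #instances         #bytes  class name (module)
-------------------------------------------------------
   1:        48000        1150000  [B (java.base@11.0.8)
   2:        21000         504000  java.lang.String (java.base@11.0.8)
   3:         6200         297600  com.example.tx.PlaceholderTxHandle
   4:          790          25280  java.util.HashMap$Node (java.base@11.0.8)
Total        75990        1976880
"""
SNAPSHOT_3 = """\
 num     #instances         #bytes  class name (module)
-------------------------------------------------------
   1:        52000        1250000  [B (java.base@11.0.8)
   2:        19500         468000  java.lang.String (java.base@11.0.8)
   3:        11500         552000  com.example.tx.PlaceholderTxHandle
   4:          810          25920  java.util.HashMap$Node (java.base@11.0.8)
Total        83810        2295920
"""


def parse_histogram(text: str) -> Dict[str, Tuple[int, int]]:
    """Map class name -> (instances, bytes); header, separator and Total lines are skipped."""
    counts: Dict[str, Tuple[int, int]] = {}
    for line in text.splitlines():
        m = _ROW.match(line)
        if m:
            counts[m.group(3)] = (int(m.group(1)), int(m.group(2)))
    return counts


def growing_classes(snapshots: List[Dict[str, Tuple[int, int]]],
                    min_growth: int = 1000,
                    name_filter: str = "") -> List[Tuple[str, List[int]]]:
    """Return (class, [counts...]) for classes whose instance count rose in
    every successive snapshot and grew by at least min_growth overall.
    A monotonic rise across several GC-forced histograms is a far stronger
    leak signal than a single large count, which may just be a busy cache."""
    if len(snapshots) < 2:
        raise ValueError("need at least two snapshots")
    hits: List[Tuple[str, List[int]]] = []
    for name in snapshots[0]:
        if name_filter and name_filter not in name:
            continue
        series = [s.get(name, (0, 0))[0] for s in snapshots]
        monotonic = all(b > a for a, b in zip(series, series[1:]))
        if monotonic and series[-1] - series[0] >= min_growth:
            hits.append((name, series))
    # Largest absolute growth first.
    hits.sort(key=lambda h: h[1][-1] - h[1][0], reverse=True)
    return hits


def leak_report(snapshot_texts: List[str], **kwargs) -> List[Tuple[str, List[int]]]:
    """Convenience wrapper: raw histogram texts in, suspicious classes out."""
    return growing_classes([parse_histogram(t) for t in snapshot_texts], **kwargs)


if __name__ == "__main__":
    for name, series in leak_report([SNAPSHOT_1, SNAPSHOT_2, SNAPSHOT_3]):
        print(f"{name}: {' -> '.join(map(str, series))}")
```

To use it against a real server, save each `jcmd <pid> GC.class_histogram` run to a file and pass the file contents as the list. Note that `GC.class_histogram` without `-all` forces a full GC before counting, so each snapshot pauses the JVM briefly; take them on a test node or outside peak load. Narrow the search with `name_filter="org.jboss.ejb"` or `name_filter="org.wildfly.transaction"` once you want to focus on EJB client or transaction client classes.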
access.redhat.com/errata/RHSA-2020:3141
access.redhat.com/errata/RHSA-2020:3142
access.redhat.com/errata/RHSA-2020:3143
access.redhat.com/errata/RHSA-2020:3144
access.redhat.com/errata/RHSA-2020:3461
access.redhat.com/errata/RHSA-2020:3462
access.redhat.com/errata/RHSA-2020:3463
access.redhat.com/errata/RHSA-2020:3464
access.redhat.com/errata/RHSA-2020:3501
access.redhat.com/errata/RHSA-2020:3539
access.redhat.com/errata/RHSA-2020:3637
access.redhat.com/errata/RHSA-2020:3638
access.redhat.com/errata/RHSA-2020:3639
access.redhat.com/errata/RHSA-2020:3642
access.redhat.com/errata/RHSA-2020:3817
access.redhat.com/errata/RHSA-2021:3140
access.redhat.com/security/cve/CVE-2020-14297
access.redhat.com/solutions/21906
bugzilla.redhat.com/show_bug.cgi?id=1853595
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14297
github.com/wildfly/jboss-ejb-client
github.com/wildfly/jboss-ejb-client/commit/e5f8e4b591f1698a53adc7e430584ca2a8fc9f1b
github.com/wildfly/jboss-ejb-client/commits/4.0.34.Final
nvd.nist.gov/vuln/detail/CVE-2020-14297