A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

Affected Packages

Maven org.jboss:jboss-ejb-client

Affected versions: 0 (fixed in 4.0.39)

Related CVEs

CVE-2021-20250

Key Information

GHSA ID

GHSA-2259-h742-5vr4

Published

May 24, 2022 7:02 PM

Last Modified

August 11, 2022 4:52 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.jboss:jboss-ejb-client

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.