CVE-2021-20250: 
Java vulnerability analysis and mitigation

A vulnerability (CVE-2021-20250) was discovered in the WildFly JBoss EJB client that contains publicly accessible privileged actions. The vulnerability was identified on December 17, 2020, and affects the JBoss Enterprise Application Platform. This security flaw primarily impacts systems where JBoss EJB client version 4.0.38 and earlier versions are deployed (Red Hat Bugzilla).

The vulnerability exists in the JBoss EJB client component where certain privileged actions were publicly accessible. The issue has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates the vulnerability requires network access and low privileges to exploit, with no user interaction needed (NVD).

The primary impact of this vulnerability is to data confidentiality. If exploited, it could lead to information disclosure on the server where the vulnerable JBoss EJB client is deployed (CVE Mitre).

The vulnerability was fixed in JBoss EJB client version 4.0.39. Red Hat has released security updates through multiple advisories including RHSA-2021:0873, RHSA-2021:0874, and RHSA-2021:0885 for affected versions of JBoss Enterprise Application Platform (Red Hat Bugzilla).