redhat/amq: The latest CVE Vulnerabilities and Exploits for Penetration Test

 

Page content

redhat/amq Vulnerability Summary

  • Vendor name: redhat
  • Product name: amq
  • Total vulnerabilities: 7 (as 2023-05-04)

redhat/amq Vulnerability List

CVE-2020-14348: It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace…

Published: 2020-09-16T18:15:00 Last Modified: 2020-09-23T16:58:00

Summary

It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.

Common Weakness Enumeration (CWE): CWE-754: Improper Check for Unusual or Exceptional Conditions

CWE Description: The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14348 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14319: It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF)…

Published: 2020-08-03T17:15:00 Last Modified: 2020-08-12T14:16:00

Summary

It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2.

Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)

CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 4.9
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14319 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14297: A flaw was discovered in Wildfly’s EJB Client as shipped with Red Hat JBoss EAP 7, where some…

Published: 2020-07-24T16:15:00 Last Modified: 2020-07-29T16:46:00

Summary

A flaw was discovered in Wildfly’s EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.

Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption

CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14297 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2020-14307: A vulnerability was found in Wildfly’s Enterprise Java Beans (EJB) versions shipped with Red Hat…

Published: 2020-07-24T16:15:00 Last Modified: 2021-11-04T16:01:00

Summary

A vulnerability was found in Wildfly’s Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.

Common Weakness Enumeration (CWE): CWE-404: Improper Resource Shutdown or Release

CWE Description: Improper release or shutdown of resources can be resultant from improper error handling or insufficient resource tracking.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 8.0
  • CVSS: 4.0
  • CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2020-14307 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2015-5182: Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.

Published: 2017-09-25T21:29:00 Last Modified: 2021-07-26T17:43:00

Summary

Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.

Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)

CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5182 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2015-5183: Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

Published: 2017-09-25T21:29:00 Last Modified: 2021-01-05T10:15:00

Summary

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5183 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2015-5184: Console: CORS headers set to allow all in Red Hat AMQ.

Published: 2017-09-25T21:29:00 Last Modified: 2021-01-05T10:15:00

Summary

Console: CORS headers set to allow all in Red Hat AMQ.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2015-5184 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat