U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): Red Hat AMQ
  • Search Type: Search All
  • CPE Name Search: false
There are 9 matching records.
Displaying matches 1 through 9.
Vuln ID Summary CVSS Severity
CVE-2023-4066

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.

Published: September 27, 2023; 5:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-4065

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.

Published: September 27, 2023; 11:19:39 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-0833

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.

Published: September 27, 2023; 11:16:03 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-3763

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.

Published: August 23, 2022; 12:15:09 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2020-14379

A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure.

Published: August 16, 2022; 5:15:09 PM -0400
V3.1: 5.6 MEDIUM
V2.0:(not available)
CVE-2021-3425

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.

Published: June 01, 2021; 4:15:08 PM -0400
V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2015-5184

Console: CORS headers set to allow all in Red Hat AMQ.

Published: September 25, 2017; 5:29:00 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-5183

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

Published: September 25, 2017; 5:29:00 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2009-5005

The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.

Published: October 18, 2010; 1:00:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM