A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1936629 | Issue Tracking Vendor Advisory |
Configurations
History
11 Jun 2021, 15:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:* | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1936629 - Issue Tracking, Vendor Advisory | |
CWE | CWE-532 | |
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 4.4 |
01 Jun 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-01 20:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-3425
Mitre link : CVE-2021-3425
CVE.ORG link : CVE-2021-3425
JSON object : View
Products Affected
redhat
- jboss_a-mq
CWE
CWE-532
Insertion of Sensitive Information into Log File