Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-14348

It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.

Published

2020-09-16T18:15:13.093

Last Modified

2024-11-21T05:03:03.957

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-248
Type: Primary
CWE-754

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	amq_online	< 1.5.2	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=1861814 Issue Tracking ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1861814 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)