redhat/amq_online: The latest CVE Vulnerabilities and Exploits for Penetration Test
redhat/amq_online Vulnerability Summary
- Vendor name: redhat
- Product name: amq_online
- Total vulnerabilities: 2 (as of 2023-05-04)
redhat/amq_online Vulnerability List
CVE-2020-14348: It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace…
Published: 2020-09-16T18:15:00
Last Modified: 2020-09-23T16:58:00
Summary
It was found in AMQ Online before 1.5.2 that injecting an invalid field into a user’s AddressSpace configuration in the user namespace puts AMQ Online in an inconsistent state in which the AMQ Online components do not operate properly, for example provisioning fails and addresses cannot be created. This does not affect already existing messaging clients or brokers.
Common Weakness Enumeration (CWE): CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE Description: The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS v2 Base Score: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-14348 vulnerability.
CVE-2020-14319: It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF)…
Published: 2020-08-03T17:15:00
Last Modified: 2020-08-12T14:16:00
Summary
It was found that the AMQ Online console is vulnerable to Cross-Site Request Forgery (CSRF), which is exploitable in cases where preflight checks are not instigated or are bypassed. For example, authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ Online prior to 1.5.2 and EnMasse versions from 0.31.0-rc1 up to, but not including, 0.32.2.
Common Weakness Enumeration (CWE): CWE-352: Cross-Site Request Forgery (CSRF)
CWE Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Scores
- Impact Score: 4.9
- Exploitability Score: 4.9
- CVSS v2 Base Score: 4.0
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-14319 vulnerability.