Vulnerabilities > Broadcom > Rabbitmq Server

DATE CVE VULNERABILITY TITLE RISK
2022-10-06 CVE-2022-31008 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
RabbitMQ is a multi-protocol messaging and streaming broker.
network
low complexity
vmware broadcom CWE-335
7.5
2021-05-18 CVE-2021-22117 Incorrect Permission Assignment for Critical Resource vulnerability in Broadcom Rabbitmq Server
RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins.
local
low complexity
broadcom CWE-732
7.8
2020-08-31 CVE-2020-5419 Uncontrolled Search Path Element vulnerability in multiple products
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution.
local
low complexity
pivotal-software broadcom CWE-427
6.7
2019-11-23 CVE-2019-11287 Use of Externally-Controlled Format String vulnerability in multiple products
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack.
7.5
2019-11-22 CVE-2019-11291 Cross-site Scripting vulnerability in multiple products
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input.
network
low complexity
vmware broadcom redhat CWE-79
4.8
2017-06-13 CVE-2017-4967 Cross-site Scripting vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
network
low complexity
pivotal-software broadcom debian CWE-79
6.1
2017-06-13 CVE-2017-4966 Information Exposure vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
local
low complexity
pivotal-software broadcom debian CWE-200
7.8
2017-06-13 CVE-2017-4965 Cross-site Scripting vulnerability in multiple products
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15.
network
low complexity
pivotal-software broadcom debian CWE-79
6.1
2016-12-29 CVE-2016-9877 Improper Access Control vulnerability in multiple products
An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7.
network
low complexity
pivotal-software broadcom CWE-284
critical
9.8