Jboss A MQ

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-09-27	CVE-2023-4066	Cleartext Storage of Sensitive Information vulnerability in Redhat products A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. local low complexity redhat CWE-312	5.5
2023-09-27	CVE-2023-4065	Incorrect Default Permissions vulnerability in Redhat products A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. local low complexity redhat CWE-276	5.5
2023-05-26	CVE-2023-1664	Improper Certificate Validation vulnerability in Redhat products A flaw was found in Keycloak. network low complexity redhat CWE-295	6.5
2022-09-13	CVE-2022-1278	Insecure Default Initialization of Resource vulnerability in Redhat products A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. network low complexity redhat CWE-1188	7.5
2021-12-14	CVE-2021-4104	Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. network high complexity apache fedoraproject redhat oracle CWE-502	7.5
2021-06-01	CVE-2021-3425	Information Exposure Through Log Files vulnerability in Redhat Jboss A-Mq 7 A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. local low complexity redhat CWE-532	2.1
2021-05-20	CVE-2021-3536	Cross-site Scripting vulnerability in Redhat products A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. network redhat CWE-79	3.5
2019-08-01	CVE-2015-7559	Improper Input Validation vulnerability in multiple products It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. network low complexity apache redhat CWE-20	2.7
2018-08-01	CVE-2016-8653	Deserialization of Untrusted Data vulnerability in Redhat Jboss A-Mq and Jboss Fuse It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. network low complexity redhat CWE-502	5.3