Vulnerabilities > Redhat > Jboss A MQ
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2023-09-27 | CVE-2023-4066 | Cleartext Storage of Sensitive Information vulnerability in Redhat products A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. | 5.5 |
2023-09-27 | CVE-2023-4065 | Incorrect Default Permissions vulnerability in Redhat products A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. | 5.5 |
2023-05-26 | CVE-2023-1664 | Improper Certificate Validation vulnerability in Redhat products A flaw was found in Keycloak. | 6.5 |
2022-09-13 | CVE-2022-1278 | Insecure Default Initialization of Resource vulnerability in Redhat products A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | 7.5 |
2022-08-16 | CVE-2020-14379 | XXE vulnerability in Redhat Jboss A-Mq 7 A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure. | 5.6 |
2021-12-14 | CVE-2021-4104 | Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. | 7.5 |
2021-06-01 | CVE-2021-3425 | Unspecified vulnerability in Redhat Jboss A-Mq 7 A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. | 4.4 |
2021-05-20 | CVE-2021-3536 | Cross-site Scripting vulnerability in Redhat products A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. | 4.8 |
2019-08-01 | CVE-2015-7559 | Improper Input Validation vulnerability in multiple products It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. | 2.7 |