Vulnerabilities > Redhat > Jboss A MQ > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-27 CVE-2023-4066 Cleartext Storage of Sensitive Information vulnerability in Redhat products
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.
local
low complexity
redhat CWE-312
5.5
2023-09-27 CVE-2023-4065 Incorrect Default Permissions vulnerability in Redhat products
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log.
local
low complexity
redhat CWE-276
5.5
2023-05-26 CVE-2023-1664 Improper Certificate Validation vulnerability in Redhat products
A flaw was found in Keycloak.
network
low complexity
redhat CWE-295
6.5
2022-08-16 CVE-2020-14379 XXE vulnerability in Redhat Jboss A-Mq 7
A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure.
local
low complexity
redhat CWE-611
5.6
2021-06-01 CVE-2021-3425 Unspecified vulnerability in Redhat Jboss A-Mq 7
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality.
local
low complexity
redhat
4.4
2021-05-20 CVE-2021-3536 Cross-site Scripting vulnerability in Redhat products
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS.
network
low complexity
redhat CWE-79
4.8
2018-08-01 CVE-2016-8653 Unspecified vulnerability in Redhat Jboss A-Mq and Jboss Fuse
It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it.
network
low complexity
redhat
5.3
2017-09-25 CVE-2015-5181 Cross-site Scripting vulnerability in Redhat Jboss A-Mq
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
network
low complexity
redhat CWE-79
5.4