Lucene search
GitHub Advisory DatabaseGHSA-MRGH-6X42-X6XFHistoryMay 17, 2022 - 5:13 a.m.
Improper Authentication in Apache Qpid
2022-05-1705:13:24
CWE-287
GitHub Advisory Database
github.com
6
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
67.9%
The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
Affected configurations
Node
org.apache.qpid\qpidMatchclient
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.qpid:qpid-client | lt | 0.20 |
Related
veracode
veracode
Authentication Bypass
2019-01-15 08:58:20
prion
prion
Authentication flaw
2013-03-14 03:10:00
nvd
nvd
CVE-2012-4446
2013-03-14 03:10:22
cve
cve
CVE-2012-4446
2022-10-03 16:15:34
ubuntucve
ubuntucve
CVE-2012-4446
2013-03-14 00:00:00
osv
osv
Improper Authentication in Apache Qpid
2022-05-17 05:13:24
cvelist
cvelist
CVE-2012-4446
2022-10-03 16:15:34
nessus
nessus
RHEL 6 : MRG (RHSA-2013:0562)
2014-07-22 00:00:00
RHEL 5 : MRG (RHSA-2013:0561)
2014-07-22 00:00:00
redhat
redhat
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
67.9%
Related for GHSA-MRGH-6X42-X6XF