Lucene search

[email protected]NVD:CVE-2021-3763

HistoryAug 23, 2022 - 4:15 p.m.

CVE-2021-3763

2022-08-2316:15:09

CWE-863

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.

Affected configurations

NVD

Node

redhatamq_brokerMatch7.8.0

redhatamq_brokerMatch7.8.1

redhatamq_brokerMatch7.8.2

References

access.redhat.com/security/cve/CVE-2021-3763

bugzilla.redhat.com/show_bug.cgi?id=2000654

issues.redhat.com/browse/ENTMQBR-5372

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

35.3%

JSON

Related for NVD:CVE-2021-3763

redhatcve1 cvelist1 cve1 prion1 redhat1