CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score confidence: Low
EPSS percentile: 82.5%
Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.
This release of Red Hat AMQ Streams 2.6.0 serves as a replacement for Red Hat AMQ Streams 2.5.1, and includes security and bug fixes, and enhancements.
Security Fix(es):
JSON-java: parser confusion leads to OOM (CVE-2023-5072)
spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry (CVE-2023-20873)
zookeeper: Authorization Bypass in Apache ZooKeeper (CVE-2023-44981)
apache-ivy: XML External Entity vulnerability (CVE-2022-46751)
guava: insecure temporary directory creation (CVE-2023-2976)
jose4j: Insecure iteration count setting (CVE-2023-31582)
bouncycastle: potential blind LDAP injection attack using a self-signed certificate (CVE-2023-33201)
jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
tomcat: Open Redirect vulnerability in FORM authentication (CVE-2023-41080)
gradle: Possible local text file exfiltration by XML External entity injection (CVE-2023-42445)
gradle: Incorrect permission assignment for symlinked files used in copy or archiving operations (CVE-2023-44387)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.