Lucene search

K
cve[email protected]CVE-2020-14379
HistoryAug 16, 2022 - 9:15 p.m.

CVE-2020-14379

2022-08-1621:15:09
CWE-611
web.nvd.nist.gov
32
6
red hat
amq broker
xee attack
cve-2020-14379
denial of service
information disclosure

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker’s configuration files, leading to denial of service and information disclosure.

Affected configurations

Vulners
NVD
Node
redhatamq
VendorProductVersionCPE
redhatamq*cpe:2.3:a:redhat:amq:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Red Hat AMQ",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Red Hat AMQ 7"
      }
    ]
  }
]

Social References

More

5.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H

5.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

Related for CVE-2020-14379