CVE-2021-4040

2022-08-2416:15:09

CWE-400

CWE-787

[email protected]

web.nvd.nist.gov

amq broker

flaw

interruption

out of memory

vulnerability

system availability

maliciously crafted messages

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.003

Percentile

68.6%

JSON

A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability.

Affected configurations

Nvd

Node

redhatamq_brokerRange<7.10.0

Node

apacheactivemq_artemisRange<2.19.1

VendorProductVersionCPE
redhatamq_broker*cpe:2.3:a:redhat:amq_broker:*:*:*:*:*:*:*:*
apacheactivemq_artemis*cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*