Lucene search

K
redhatRedHatRHSA-2024:0278
HistoryJan 17, 2024 - 1:21 p.m.

(RHSA-2024:0278) Moderate: Red Hat AMQ Broker 7.11.5 release and security update

2024-01-1713:21:12
access.redhat.com
30
red hat amq broker
7.11.5
security update
messaging
activemq artemis
asynchronous journal
cve-2023-33201
bouncycastle

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

23.2%

AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.

This release of Red Hat AMQ Broker 7.11.5 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

  • (CVE-2023-33201) bouncycastle: potential blind LDAP injection attack using a self-signed certificate

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7.6

Confidence

Low

EPSS

0.001

Percentile

23.2%