11 matches found
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.14.0 release and security update
Red Hat AMQ Broker 7.14.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Vulnerabilities fixed in Red Hat AMQ
Vulnerabilities have been fixed in Red Hat AMQ. The vulnerability with reference CVE-2020-27216 allows a local malicious person to obtain elevated privileges. The vulnerability with reference CVE-2020-27218 allows a remote malicious person to gain access to system data. Red Hat has released...
PT-2012-4223 · Red Hat · Cumin +1
Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444; Red Hat Enterprise Messaging, Realtime, and Grid (MRG) version 2.0. Description: The issue allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands...
PT-2012-4224 · Red Hat · Cumin +1
Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444; Red Hat Enterprise Messaging, Realtime, and Grid (MRG) version 2.0. Description: A session fixation issue allows remote attackers to hijack web sessions via a crafted session cookie. Recommendations: For Cumin...
PT-2012-4179 · Red Hat · Cumin +1
Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444; Red Hat Enterprise Messaging, Realtime, and Grid (MRG) version 2.0. Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error message displays ...
cumin: weak session keys
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...
cumin: CSRF flaw
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors...
cumin: authentication bypass flaws
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewin...
cumin: weak session keys
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...
CVE-2011-2925
CVE-2011-2925 affects Red Hat Enterprise MRG Grid 2.0 (and related Messaging/Realtime components). The root cause is that Cumin logs broker authentication credentials to its log file, allowing a local user to bypass authentication and perform actions on jobs and queues via a direct broker connect...
PT-2010-5338 · Red Hat · Condor +1
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Messaging, Realtime and Grid (MRG) version 1.3. Description: The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid (MRG) recommends a configuration that creates a trusted channel with insufficient...