CVE-2014-0085

EPSS 0.14%
Veröffentlicht 17.04.2014 14:55:06
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Jboss A-mq Version6.0.0

Redhat ≫ Jboss Fuse Version6.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.35

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2014-0085

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0085

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0085

EUVD