CVE-2014-0085

EPSS 0.14%
Published 17.04.2014 14:55:06
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

Affected products Warnungen 0 Metrics 2 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss A-mq Version6.0.0

Redhat ≫ Jboss Fuse Version6.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.35

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2014-0085

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0085

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0085

EUVD