CVE-2021-3763

EPSS 0.17%
Veröffentlicht 23.08.2022 16:15:09
Zuletzt bearbeitet 21.11.2024 06:22:22
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Amq Broker Version7.8.0

Redhat ≫ Amq Broker Version7.8.1

Redhat ≫ Amq Broker Version7.8.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.381

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://access.redhat.com/security/cve/CVE-2021-3763

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2000654

Vendor Advisory

Issue Tracking

https://issues.redhat.com/browse/ENTMQBR-5372

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-3763

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3763

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3763

EUVD