Vulnerability CVE-2020-14348


Published: 2020-09-16

Description:
It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.

Type:

CWE-754

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Redhat -> Amq online 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=1861814

Copyright 2020, cxsecurity.com

 

Back to Top