CVE-2020-14379: XEE
First published: Wed May 27 2020(Updated: )
A flaw was found in AMQ Broker in a way that a XEE attack can used in Broker's configuration files, leading to DoS and information disclosure.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss A-mq | =7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-14379?
CVE-2020-14379 is a vulnerability found in Red Hat AMQ Broker that allows an attacker to perform an XML Entity Expansion (XEE) attack via the Broker's configuration files, resulting in denial of service and information disclosure.
How severe is CVE-2020-14379?
CVE-2020-14379 has a severity rating of 5.6, which is considered medium.
What software is affected by CVE-2020-14379?
Red Hat Jboss A-mq version 7 is affected by CVE-2020-14379.
How can an attacker exploit CVE-2020-14379?
An attacker can exploit CVE-2020-14379 by leveraging the XEE vulnerability in Red Hat AMQ Broker's configuration files to perform a denial of service attack and potentially gain access to sensitive information.
Are there any fixes or patches available for CVE-2020-14379?
Yes, Red Hat has released a patch for the vulnerability. It is recommended to update to the latest version of Red Hat AMQ Broker to mitigate the risk.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14379
- vendor/redhat
- canonical/redhat jboss a-mq
- version/redhat jboss a-mq/7