CVE-2021-3425
First published: Mon Mar 08 2021(Updated: )
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss A-mq | =7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-3425.
What is the severity of CVE-2021-3425?
The severity of CVE-2021-3425 is medium with a CVSS score of 4.4.
Which software is affected by CVE-2021-3425?
Red Hat AMQ 7 is affected by CVE-2021-3425.
How does CVE-2021-3425 exploit work?
CVE-2021-3425 allows an attacker to disclose JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile.
Are there any fixes available for CVE-2021-3425?
Yes, fixes are available for CVE-2021-3425. Please refer to the references for more information.
- collector/redhat-cve
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3425
- vendor/redhat
- canonical/redhat jboss a-mq
- version/redhat jboss a-mq/7