First published: Mon Mar 08 2021(Updated: )
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Jboss A-mq | =7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-3425.
The severity of CVE-2021-3425 is medium with a CVSS score of 4.4.
Red Hat AMQ 7 is affected by CVE-2021-3425.
CVE-2021-3425 allows an attacker to disclose JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile.
Yes, fixes are available for CVE-2021-3425. Please refer to the references for more information.