CVE-2011-2925 — Improper Authentication in Redhat Enterprise MRG

CWE-287 — Improper Authentication5 documents5 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 82.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise MRG

Timeline

PublishedSep 20

Latest updateMay 13

Description

Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/enterprise_mrg2.0

🔴Vulnerability Details

GHSA

GHSA-j3f2-xf7x-fhpq: Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2↗2022-05-13

▶

CVEList

CVE-2011-2925: Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2↗2011-09-19

▶

📋Vendor Advisories

Red Hat

cumin: broker username/password appears in the log file↗2011-09-07

▶

💬Community

Bugzilla

CVE-2011-2925 cumin: broker username/password appears in the log file↗2011-08-17

▶