CVE-2011-3620

Severity
7.5 HIGH
EPSS
3.0%
top 13.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 3
Latest update: May 17

Description

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD: apache/qpid 0.12

Vulnerability Details (2)

GHSA
GHSA-3j5v-8288-v25g: Apache Qpid 0 (2022-05-17)
CVEList
CVE-2011-3620: Apache Qpid 0 (2012-05-03)

Vendor Advisories (1)

Red Hat
qpid-cpp: cluster authentication ignores cluster-* settings (2012-04-30)

Community (2)

Bugzilla
CVE-2011-3620 qpid-cpp: cluster authentication ignores cluster-* settings [fedora-all] (2012-04-30)
Bugzilla
CVE-2011-3620 qpid-cpp: cluster authentication ignores cluster-* settings (2011-10-18)