CVE-2020-14379

Severity: 5.6 MEDIUM
EPSS: 0.0% (top 88.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 16; latest update Aug 17

Description

A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
Exploitability: 0.8 | Impact: 4.7

Affected Packages (2 packages)

CVEListV5 | red_hat_amq | Red Hat AMQ 7

Vulnerability Details (3)

GHSA
GHSA-f2jp-gmm4-wp64: A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and infor (2022-08-17)

CVEList
CVE-2020-14379: A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and infor (2022-08-16)

OSV
jackson-databind vulnerabilities (2021-03-15)

Vendor Advisories (4)

Red Hat
broker: XXE injection in configuration files (2021-11-04)

Oracle
Oracle GoldenGate Risk Matrix: Security / Application Adapters (jackson-databind, SLF4J, ZooKeeper, Apache Spark) — CVE-2019-14379 (2020-07-15)

Oracle
Oracle Communications Applications Risk Matrix: IDIH Visualization (jackson-databind) — CVE-2019-14379 (2020-04-15)

Oracle
Oracle Communications Applications Risk Matrix: Presence-api (jackson-databind) — CVE-2019-14379 (2020-01-15)

Community (1)

Bugzilla
CVE-2020-14379 Red Hat AMQ broker: XXE injection in configuration files (2020-05-27)