CVE-2021-3425

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 82.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss A-mq

Timeline

PublishedJun 1

Latest updateMay 24

Description

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5brokeras shipped in Red Hat AMQ 7

▶NVDredhat/jboss_a-mq7

🔴Vulnerability Details

GHSA

GHSA-4h8h-q487-wmvf: A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when usin↗2022-05-24

▶

CVEList

CVE-2021-3425: A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when usin↗2021-06-01

▶

📋Vendor Advisories

Red Hat

Broker: discloses JDBC username and password in the application log file↗2021-03-08

▶