Multiple vulnerabilities in Red Hat AMQ Broker
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2019-10744 CVE-2020-36518 CVE-2021-4040 CVE-2021-43797 CVE-2022-22968 CVE-2022-23913 CVE-2022-1833 |
| CWE-ID | CWE-94 CWE-787 CWE-400 CWE-444 CWE-254 CWE-264 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #5 is available. |
| Vulnerable software Subscribe |
AMQ Broker Server applications / Application servers |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Code Injection
EUVDB-ID: #VU21764
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-10744
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to modify properties on the target system.
The vulnerability exists due to improper input validation in the "defaultsDeep" function. A remote attacker can send a specially crafted request and modify the prototype of "Object" via "{constructor: {prototype: {...}}}" causing the addition or modification of an existing property that will exist on all objects.
Install updates from vendor's website.
AMQ Broker: 7.0 - 7.9.4
External linkshttp://access.redhat.com/errata/RHSA-2022:5101
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Out-of-bounds write
EUVDB-ID: #VU61799
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36518
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.0 - 7.9.4
External linkshttp://access.redhat.com/errata/RHSA-2022:5101
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU64473
Risk: Medium
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-4040
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to AMQ Broker does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and partially disrupt availability to the broker through a sustained attack of maliciously crafted messages.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.0 - 7.9.4
External linkshttp://access.redhat.com/errata/RHSA-2022:5101
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU61810
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-43797
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to preform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when processing control chars present at the beginning / end of the header name. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.0 - 7.9.4
External linkshttp://access.redhat.com/errata/RHSA-2022:5101
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Security features bypass
EUVDB-ID: #VU62314
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-22968
CWE-ID:
CWE-254 - Security Features
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed
with both upper and lower case for the first character of the field,
including upper and lower case for the first character of all nested
fields within the property path. A remote attacker can bypass implemented security restrictions by passing case sensitive data to the application.
Install updates from vendor's website.
AMQ Broker: 7.0 - 7.9.4
External linkshttp://access.redhat.com/errata/RHSA-2022:5101
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Resource exhaustion
EUVDB-ID: #VU60303
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-23913
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.0 - 7.9.4
External linkshttp://access.redhat.com/errata/RHSA-2022:5101
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security restrictions bypass
EUVDB-ID: #VU64486
Risk: Medium
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1833
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to improperly imposed permissions. A low-privileged user with access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets.
Install updates from vendor's website.
AMQ Broker: 7.0 - 7.9.4
External linkshttp://access.redhat.com/errata/RHSA-2022:5101
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
