Multiple vulnerabilities in AMQ Broker 7.11
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 13 |
| CVE-ID | CVE-2020-24736 CVE-2023-1667 CVE-2023-2283 CVE-2023-2602 CVE-2023-2603 CVE-2023-27536 CVE-2023-28321 CVE-2023-28484 CVE-2023-29469 CVE-2023-32681 CVE-2023-34969 CVE-2023-4065 CVE-2023-4066 |
| CWE-ID | CWE-119 CWE-20 CWE-287 CWE-401 CWE-98 CWE-371 CWE-295 CWE-476 CWE-399 CWE-200 CWE-264 CWE-532 CWE-312 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
AMQ Broker Server applications / Application servers |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 13 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU77780
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-24736
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when executing a crafted SELECT query. A local user can execute a specially crafted query to trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
2) Input validation error
EUVDB-ID: #VU75741
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-1667
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to multiple errors in kex implementation, related to kex guessing algorithm. A remote attacker can bypass implemented security restrictions.
Install updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
3) Improper Authentication
EUVDB-ID: #VU75740
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-2283
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return SSH_OK value if memory allocation error happens later in the function. The A remote attacker can bypass authentication process and gain unauthorized access to the system.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
4) Memory leak
EUVDB-ID: #VU76757
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-2602
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
5) PHP file inclusion
EUVDB-ID: #VU72703
Risk: High
CVSSv3.1:
CVE-ID: CVE-2023-2603
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.
The vulnerability exists due to incorrect input validation when including PHP files in web/ajax/modal.php. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
6) State Issues
EUVDB-ID: #VU73829
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-27536
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to cURL will reuse a previously created connection even when the GSS delegation (CURLOPT_GSSAPI_DELEGATION) option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
7) Improper certificate validation
EUVDB-ID: #VU76237
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-28321
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper certificate validation when matching wildcards in TLS certificates for IDN names. A remote attacker crate a specially crafted certificate that will be considered trusted by the library.
Successful exploitation of the vulnerability requires that curl is built to use OpenSSL, Schannel or Gskit.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
8) NULL pointer dereference
EUVDB-ID: #VU74863
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-28484
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in xmlSchemaFixupComplexType. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
9) Resource management error
EUVDB-ID: #VU74862
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-29469
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
10) Information disclosure
EUVDB-ID: #VU77164
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-32681
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
11) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU78490
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-34969
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.
Install updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
12) Inclusion of Sensitive Information in Log Files
EUVDB-ID: #VU79946
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-4065
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to amq-broker-operator-container logs password defined in ActiveMQArtemisAddress CR. A local user can read the log files and gain access to sensitive data.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
13) Cleartext storage of sensitive information
EUVDB-ID: #VU79947
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-4066
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to passwords stored in a secret `security-properties-prop-module` defined in ActivemqArtemisSecurity CR are shown in StatefulSet details yaml of AMQ Broker in clear text. A local user can gain access to sensitive information.
Install updates from vendor's website.
AMQ Broker: 7.11.0
Fixed software versionsCPE2.3 External links
http://access.redhat.com/errata/RHSA-2023:4720
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
