Inclusion of Sensitive Information in Log Files in AMQ Broker - CVE-2021-3425

 

Inclusion of Sensitive Information in Log Files in AMQ Broker - CVE-2021-3425

Published: July 12, 2021


Vulnerability identifier: #VU54676
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-3425
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Red Hat Inc.
Affected software:
AMQ Broker

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the AMQ Broker discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile, if jdbc persistence functionality is used. A local user can read the log files and gain access to sensitive data.


How to mitigate CVE-2021-3425

Install updates from vendor's website.

Sources