Main Vulnerability Database Vulnerabilities #VU54676

Inclusion of Sensitive Information in Log Files in AMQ Broker - CVE-2021-3425

Published: July 12, 2021

Vulnerability identifier: #VU54676

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-3425

CWE-ID: CWE-532

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
AMQ Broker

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the AMQ Broker discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile, if jdbc persistence functionality is used. A local user can read the log files and gain access to sensitive data.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=1936629

Inclusion of Sensitive Information in Log Files in AMQ Broker - CVE-2021-3425

Description

Remediation

External links

Please verify you're human