Skip to main content

Jboss A Mq CVE-2014-0085

LOW
Credentials Management Errors (CWE-255)
2014-04-17 secalert@redhat.com
2.1
CVSS 2.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:N/C:P/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 17, 2014 - 14:55 cve.org
LOW 2.1

DescriptionCVE.org

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.

AnalysisAI

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-255. JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log. Affected products include: Redhat Jboss A-Mq, Redhat Jboss Fuse.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-7501 CRITICAL
9.8 Nov 09

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5

CVE-2021-4104 HIGH
7.5 Dec 14

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Lo

CVE-2013-4372 MEDIUM POC
4.3 Sep 30

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch

CVE-2015-5183 HIGH
7.5 Sep 25

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerab

CVE-2022-1278 HIGH
7.5 Sep 13

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload

CVE-2023-1664 MEDIUM
6.5 May 26

A flaw was found in Keycloak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentic

CVE-2023-4066 MEDIUM
5.5 Sep 27

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, de

CVE-2023-4065 MEDIUM
5.5 Sep 27

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, sho

CVE-2015-5181 MEDIUM
5.4 Sep 25

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. Rated medium severity (CVSS 5.4), thi

CVE-2021-3536 MEDIUM
4.8 May 20

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin conso

CVE-2021-3425 MEDIUM
4.4 Jun 01

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker

Share

CVE-2014-0085 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy