VDB

CVE-2021-3763

CVE-2021-3763 PUBLISHED CVSS 4.300000190734863 MEDIUM

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.

EPSS 0.17% · 37.4th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.17%
37.4th percentile

Affected Products

VendorProductVersions
n/aAMQ BrokerFixed in amq-7.9.0
redhatamq_broker7.8.0, 7.8.1, 7.8.2

Exploit Intelligence

Timeline

  • Aug 23, 2022 CVE Published
  • Aug 24, 2022 EPSS Score
  • Oct 9, 2022 EPSS Score
  • Nov 23, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Feb 23, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 9, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 10, 2023 EPSS Score
  • Aug 25, 2023 EPSS Score
  • Oct 9, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›