CVE-2021-3763 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-3763 PUBLISHED CVSS 4.300000190734863 MEDIUM

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.

EPSS 0.17% · 37.5th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.17%

37.5th percentile

Affected Products

Vendor	Product	Versions
n/a	AMQ Broker	Fixed in amq-7.9.0
redhat	amq_broker	7.8.0, 7.8.1, 7.8.2

Timeline

Aug 23, 2022 CVE Published
Aug 24, 2022 EPSS Score
Oct 8, 2022 EPSS Score
Nov 22, 2022 EPSS Score
Jan 6, 2023 EPSS Score
Feb 20, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 7, 2023 EPSS Score
May 22, 2023 EPSS Score
Jul 6, 2023 EPSS Score
Aug 20, 2023 EPSS Score
Oct 4, 2023 EPSS Score

References

Open in Interactive Console →