CVE-2020-14348

It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1861814	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:amq_online:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-09-16 18:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-14348

Mitre link : CVE-2020-14348

CVE.ORG link : CVE-2020-14348

JSON object : View

Products Affected

redhat

amq_online

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

CWE-248

Uncaught Exception

{"id": "CVE-2020-14348", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-09-16T18:15:13.093", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-754"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-248"}]}], "descriptions": [{"lang": "en", "value": "It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers."}, {"lang": "es", "value": "Se encontr\u00f3 en AMQ Online versiones anteriores a 1.5.2, que inyectar un campo no v\u00e1lido a una configuraci\u00f3n AddressSpace del espacio de nombres de usuario coloca a AMQ Online en un estado inconsistente, donde los componentes de AMQ Online no funcionan apropiadamente, tal y como el fallo de aprovisionamiento y el fallo en la creaci\u00f3n de direcciones, aunque esto no afecta a los clientes o agentes de mensajer\u00eda ya existentes"}], "lastModified": "2020-09-23T16:58:39.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:amq_online:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7550A08-6C95-4C22-9B4F-711E17E3AED4", "versionEndExcluding": "1.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}