Vulnerability Description
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not allow access to the management console. The main impact is to confidentiality: because some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details is disclosed. The impact is limited, as not all information is accessible and there is no effect on integrity.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | AMQ Broker | 7.8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2021-3763 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2000654 (Issue Tracking, Vendor Advisory)
- https://issues.redhat.com/browse/ENTMQBR-5372 (Vendor Advisory)
FAQ
What is CVE-2021-3763?
CVE-2021-3763 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be ...
How severe is CVE-2021-3763?
CVE-2021-3763 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-3763?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat AMQ Broker.