CVE-2021-3763

Published: Aug 23, 2022Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.

Affected (3)

Products: Redhat: Amq Broker

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Amq Broker	Version 7.8.0
Redhat Amq Broker	Version 7.8.1
Redhat Amq Broker	Version 7.8.2

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (6)

https://access.redhat.com/security/cve/CVE-2021-3763

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2000654

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://issues.redhat.com/browse/ENTMQBR-5372

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2021-3763

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2000654

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://issues.redhat.com/browse/ENTMQBR-5372

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.