Amq
by Red Hat
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5182 | Hig | 0.57 | 8.8 | 0.01 | Sep 25, 2017 | Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ. | ||
| CVE-2015-5184 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2017 | Console: CORS headers set to allow all in Red Hat AMQ. | ||
| CVE-2015-5183 | Hig | 0.49 | 7.5 | 0.02 | Sep 25, 2017 | Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. | ||
| CVE-2016-8653 | Med | 0.35 | 5.3 | 0.02 | Aug 1, 2018 | It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack. | ||
| CVE-2015-5181 | Med | 0.35 | 5.4 | 0.01 | Sep 25, 2017 | The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | ||
| CVE-2020-14348 | 0.00 | — | 0.01 | Sep 16, 2020 | It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the… |
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
- risk 0.49cvss 7.5epss 0.01
Console: CORS headers set to allow all in Red Hat AMQ.
- risk 0.49cvss 7.5epss 0.02
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
- risk 0.35cvss 5.3epss 0.02
It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.
- risk 0.35cvss 5.4epss 0.01
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
- CVE-2020-14348Sep 16, 2020risk 0.00cvss —epss 0.01
It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the…