CVE-2021-3425
MEDIUMRed Hat JBoss A-MQ - Sensitive Information Disclosure in Log Files
Title source: llmDescription
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1936629
Scores
CVSS v3
4.4
EPSS
0.0029
EPSS Percentile
20.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
redhat/jboss_a-mq
7
Published
Jun 01, 2021
Tracked Since
Feb 18, 2026