CVE-2020-14348
Last modified
CVE-2020-14348 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.. EPSS estimates a 0.81% chance of exploitation in the next 30 days.
Description
It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Amq Online | < 1.5.2 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1861814Issue Tracking
- https://bugzilla.redhat.com/show_bug.cgi?id=1861814Issue Tracking
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-14348?
How severe is CVE-2020-14348?
How do I fix CVE-2020-14348?
Are you affected by CVE-2020-14348?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST