{"containers": {"cna": {"affected": [{"product": "AMQ", "vendor": "n/a", "versions": [{"status": "affected", "version": "AMQ Online before 1.5.2"}]}], "descriptions": [{"lang": "en", "value": "It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-16T17:43:39", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14348", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AMQ", "version": {"version_data": [{"version_value": "AMQ Online before 1.5.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-248"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.482Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14348", "datePublished": "2020-09-16T17:43:39", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:39:36.482Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:amq_online:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7550A08-6C95-4C22-9B4F-711E17E3AED4", "versionEndExcluding": "1.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers."}, {"lang": "es", "value": "Se encontr\u00f3 en AMQ Online versiones anteriores a 1.5.2, que inyectar un campo no v\u00e1lido a una configuraci\u00f3n AddressSpace del espacio de nombres de usuario coloca a AMQ Online en un estado inconsistente, donde los componentes de AMQ Online no funcionan apropiadamente, tal y como el fallo de aprovisionamiento y el fallo en la creaci\u00f3n de direcciones, aunque esto no afecta a los clientes o agentes de mensajer\u00eda ya existentes"}], "id": "CVE-2020-14348", "lastModified": "2020-09-23T16:58:39.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-16T18:15:13.093", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-248"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Jeremy Choi (Red Hat Product Security).", "affected_release": [{"advisory": "RHSA-2020:3209", "cpe": "cpe:/a:redhat:amq_online:1.5", "product_name": "Red Hat AMQ Online 1.5.2 GA", "release_date": "2020-07-29T00:00:00Z"}], "bugzilla": {"description": "AMQ: Denial of Service via unrecognized field injection", "id": "1861814", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-248", "details": ["It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.", "A flaw was found in AMQ Online before 1.5.2, where injecting an invalid field to a user's address space configuration of the user namespace puts AMQ Online in an inconsistent state. In this inconsistent state, the AMQ Online components do not operate properly. For example, the failure of provisioning and the failure of creating addresses may occur. However, this issue does not impact already existing messaging clients or brokers."], "mitigation": {"lang": "en:us", "value": "The user can work around the issue by repairing the resource and removing the invalid (top-level) field."}, "name": "CVE-2020-14348", "package_state": [{"cpe": "cpe:/a:redhat:amq_online:1", "fix_state": "Affected", "impact": "low", "package_name": "enmasse", "product_name": "Red Hat A-MQ Online"}], "public_date": "2020-07-02T16:40:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14348\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14348"], "threat_severity": "Moderate", "upstream_fix": "amq-online-1.5.2 enmasse-0.32.1"}