{"containers": {"cna": {"affected": [{"product": "Red Hat AMQ", "vendor": "n/a", "versions": [{"status": "affected", "version": "Red Hat AMQ 7"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-16T19:40:15", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840862"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:33.306Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840862"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14379", "datePublished": "2022-08-16T19:40:15", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2024-08-04T12:46:33.306Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*", "matchCriteriaId": "A58966CB-36AF-4E64-AB39-BE3A0753E155", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure."}, {"lang": "es", "value": "Se ha detectado un fallo en Red Hat AMQ Broker por el que puede realizarse un ataque de tipo XEE por medio de los archivos de configuraci\u00f3n del Broker, conllevando a una denegaci\u00f3n de servicio y una divulgaci\u00f3n de informaci\u00f3n."}], "id": "CVE-2020-14379", "lastModified": "2024-11-21T05:03:08.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-16T21:15:09.537", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840862"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840862"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Oleg Sushchenko for reporting this issue.", "bugzilla": {"description": "broker: XXE injection in configuration files", "id": "1840862", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1840862"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-611", "details": ["A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure.", "A flaw was found in broker. An XEE attack can used in Broker's configuration files, leading to DoS and information disclosure. The highest threat from the vulnerability is to system availability."], "name": "CVE-2020-14379", "package_state": [{"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Will not fix", "package_name": "broker", "product_name": "Red Hat AMQ Broker 7"}], "public_date": "2021-11-04T09:45:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14379\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14379"], "threat_severity": "Moderate"}