{"containers": {"cna": {"affected": [{"product": "AMQ Broker", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in amq-7.9.0"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 - Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-23T15:51:59", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000654"}, {"tags": ["x_refsource_MISC"], "url": "https://issues.redhat.com/browse/ENTMQBR-5372"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2021-3763"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3763", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AMQ Broker", "version": {"version_data": [{"version_value": "Fixed in amq-7.9.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863 - Incorrect Authorization"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2000654", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000654"}, {"name": "https://issues.redhat.com/browse/ENTMQBR-5372", "refsource": "MISC", "url": "https://issues.redhat.com/browse/ENTMQBR-5372"}, {"name": "https://access.redhat.com/security/cve/CVE-2021-3763", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2021-3763"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:09:09.147Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000654"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.redhat.com/browse/ENTMQBR-5372"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2021-3763"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3763", "datePublished": "2022-08-23T15:51:59", "dateReserved": "2021-09-03T00:00:00", "dateUpdated": "2024-08-03T17:09:09.147Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:amq_broker:7.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C0353B01-42C3-4F5D-A5CE-58F11DCB4AF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:amq_broker:7.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "43295599-4DC6-4F54-9B75-44CF941813CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:amq_broker:7.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "032E03C4-1DF8-4F3F-8346-B674FD6765E1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity."}, {"lang": "es", "value": "Se ha encontrado un fallo en la consola de administraci\u00f3n de Red Hat AMQ Broker en versi\u00f3n 7.8, en el que un usuario presente puede acceder a determinada informaci\u00f3n limitada incluso cuando el rol al que est\u00e1 asignado el usuario no deber\u00eda permitir el acceso a la consola de gesti\u00f3n. El principal impacto es en la confidencialidad, ya que este fallo significa que algunas vinculaciones de rol son comprobados de forma incorrecta, son divulgados algunos metadatos privilegiados como los nombres de las colas y los detalles de configuraci\u00f3n, pero el impacto es limitado, ya que no puede accederse a toda la informaci\u00f3n y no afecta a la integridad."}], "id": "CVE-2021-3763", "lastModified": "2022-08-27T02:06:11.093", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-23T16:15:09.790", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3763"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000654"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://issues.redhat.com/browse/ENTMQBR-5372"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Mudassar Iqbal (Red Hat).", "affected_release": [{"advisory": "RHSA-2021:3700", "cpe": "cpe:/a:redhat:amq_broker:7", "package": "broker", "product_name": "Red Hat AMQ 7.9.0", "release_date": "2021-09-30T00:00:00Z"}], "bugzilla": {"description": "7: Incorrect privilege in Management Console", "id": "2000654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2000654"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-863", "details": ["A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.", "A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity."], "name": "CVE-2021-3763", "public_date": "2021-08-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3763\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3763"], "threat_severity": "Moderate", "upstream_fix": "amq 7.9.0"}