Vulnerability Details: CVE-2020-14379
A flaw was found in Red Hat AMQ Broker that allows an XEE attack via the Broker's configuration files, leading to denial of service and information disclosure.
Vulnerability category: XML external entity (XXE) injection, Denial of service, Information leak
Products affected by CVE-2020-14379
- cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-14379
EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
Percentile: ~11% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-14379
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.6 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H | 0.8 | 4.7 | NIST | |
CWE ids for CVE-2020-14379
- The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)
References for CVE-2020-14379
- https://bugzilla.redhat.com/show_bug.cgi?id=1840862
  1840862 – (CVE-2020-14379) CVE-2020-14379 Red Hat AMQ broker: XXE injection in configuration files (Issue Tracking; Vendor Advisory)