CVE-2021-4040 – Broker: Malformed message can result in partial DoS (OOM)
https://notcve.org/view.php?id=CVE-2021-4040
A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability. Se ha encontrado un fallo en AMQ Broker. • https://access.redhat.com/security/cve/CVE-2021-4040 https://bugzilla.redhat.com/show_bug.cgi?id=2028254 https://github.com/apache/activemq-artemis/pull/3871/commits https://issues.apache.org/jira/browse/ARTEMIS-3593 • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVE-2021-3763 – 7: Incorrect privilege in Management Console
https://notcve.org/view.php?id=CVE-2021-3763
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity. Se ha encontrado un fallo en la consola de administración de Red Hat AMQ Broker en versión 7.8, en el que un usuario presente puede acceder a determinada información limitada incluso cuando el rol al que está asignado el usuario no debería permitir el acceso a la consola de gestión. El principal impacto es en la confidencialidad, ya que este fallo significa que algunas vinculaciones de rol son comprobados de forma incorrecta, son divulgados algunos metadatos privilegiados como los nombres de las colas y los detalles de configuración, pero el impacto es limitado, ya que no puede accederse a toda la información y no afecta a la integridad. • https://access.redhat.com/security/cve/CVE-2021-3763 https://bugzilla.redhat.com/show_bug.cgi?id=2000654 https://issues.redhat.com/browse/ENTMQBR-5372 • CWE-863: Incorrect Authorization •