CVE-2021-3763

7: Incorrect privilege in Management Console

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.

Se ha encontrado un fallo en la consola de administración de Red Hat AMQ Broker en versión 7.8, en el que un usuario presente puede acceder a determinada información limitada incluso cuando el rol al que está asignado el usuario no debería permitir el acceso a la consola de gestión. El principal impacto es en la confidencialidad, ya que este fallo significa que algunas vinculaciones de rol son comprobados de forma incorrecta, son divulgados algunos metadatos privilegiados como los nombres de las colas y los detalles de configuración, pero el impacto es limitado, ya que no puede accederse a toda la información y no afecta a la integridad.

*Credits: N/A

CVSS Scores

NISTv3.1 4.3

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-09-03 CVE Reserved
2021-09-30 CVE Published
2024-07-09 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-863: Incorrect Authorization

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-3763	2021-09-30
https://bugzilla.redhat.com/show_bug.cgi?id=2000654	2021-09-30
https://issues.redhat.com/browse/ENTMQBR-5372	2022-08-27

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"		Amq Broker Search vendor "Redhat" for product "Amq Broker"				7.8.0 Search vendor "Redhat" for product "Amq Broker" and version "7.8.0"		-		Affected
Redhat Search vendor "Redhat"		Amq Broker Search vendor "Redhat" for product "Amq Broker"				7.8.1 Search vendor "Redhat" for product "Amq Broker" and version "7.8.1"		-		Affected
Redhat Search vendor "Redhat"		Amq Broker Search vendor "Redhat" for product "Amq Broker"				7.8.2 Search vendor "Redhat" for product "Amq Broker" and version "7.8.2"		-		Affected