Описание
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.
Отчет
Red Hat Single Sign-On does not include the vulnerable web console components.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| JBoss Developer Studio 11 | activemq | Out of support scope | ||
| Red Hat Decision Manager 7 | activemq-artemis | Not affected | ||
| Red Hat Fuse 7 | activemq | Will not fix | ||
| Red Hat JBoss A-MQ 6 | activemq | Out of support scope | ||
| Red Hat JBoss Data Grid 7 | activemq-artemis | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | activemq-artemis | Not affected | ||
| Red Hat JBoss Fuse 6 | activemq | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | activemq | Out of support scope | ||
| Red Hat Process Automation 7 | activemq-artemis | Not affected | ||
| Red Hat Single Sign-On 7 | activemq-artemis | Not affected |
Показывать по
Дополнительная информация
Статус:
6.1 Medium
CVSS3
Связанные уязвимости
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.
An instance of a cross-site scripting vulnerability was identified to ...
Apache ActiveMQ web console vulnerable to Cross-site Scripting
6.1 Medium
CVSS3