{"containers": {"cna": {"affected": [{"product": "AMQ", "vendor": "n/a", "versions": [{"status": "affected", "version": "AMQ Online before 1.5.2"}]}], "descriptions": [{"lang": "en", "value": "It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-248", "description": "CWE-248", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-16T17:43:39", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-14348", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "AMQ", "version": {"version_data": [{"version_value": "AMQ Online before 1.5.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-248"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-14348", "datePublished": "2020-09-16T17:43:39", "dateReserved": "2020-06-17T00:00:00", "dateUpdated": "2020-09-16T17:43:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:amq_online:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7550A08-6C95-4C22-9B4F-711E17E3AED4", "versionEndExcluding": "1.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers."}, {"lang": "es", "value": "Se encontr\u00f3 en AMQ Online versiones anteriores a 1.5.2, que inyectar un campo no v\u00e1lido a una configuraci\u00f3n AddressSpace del espacio de nombres de usuario coloca a AMQ Online en un estado inconsistente, donde los componentes de AMQ Online no funcionan apropiadamente, tal y como el fallo de aprovisionamiento y el fallo en la creaci\u00f3n de direcciones, aunque esto no afecta a los clientes o agentes de mensajer\u00eda ya existentes"}], "id": "CVE-2020-14348", "lastModified": "2020-09-23T16:58:39.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-16T18:15:13.093", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861814"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-248"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{}