CVE-2020-25640 Vulnerability in maven package org.jboss.genericjms:generic-jms-ra-jar

Description

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881637

https://github.com/amqphub/amqp-10-resource-adapter/issues/13

https://security.netapp.com/advisory/ntap-20201210-0001/

Related Vulnerabilities

CVE-2018-11694 Vulnerability in maven package org.webjars.npm:node-sass

CVE-2021-40146 Vulnerability in maven package org.apache.any23:apache-any23-core

CVE-2023-34062 Vulnerability in maven package io.projectreactor.netty:reactor-netty-http

CVE-2020-13445 Vulnerability in maven package com.liferay:com.liferay.portal.template.freemarker

CVE-2022-41642 Vulnerability in npm package nadesiko3

Severity

Medium

Classification

CWE-532 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N