Vulnerability Details CVE-2020-25640
A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain-text JMS password at warning level on a connection error, inserting sensitive information into the log file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 3.5
Products affected by CVE-2020-25640
- cpe:2.3:a:redhat:wildfly:-
- cpe:2.3:a:redhat:wildfly:10.0.0
- cpe:2.3:a:redhat:wildfly:10.1.0
- cpe:2.3:a:redhat:wildfly:10.1.2
- cpe:2.3:a:redhat:wildfly:11.0.0
- cpe:2.3:a:redhat:wildfly:12.0.0
- cpe:2.3:a:redhat:wildfly:13.0.0
- cpe:2.3:a:redhat:wildfly:14.0.0
- cpe:2.3:a:redhat:wildfly:14.0.1
- cpe:2.3:a:redhat:wildfly:15.0.0
- cpe:2.3:a:redhat:wildfly:15.0.1
- cpe:2.3:a:redhat:wildfly:16.0.0
- cpe:2.3:a:redhat:wildfly:17.0.0
- cpe:2.3:a:redhat:wildfly:17.0.1
- cpe:2.3:a:redhat:wildfly:18.0.0
- cpe:2.3:a:redhat:wildfly:18.0.1
- cpe:2.3:a:redhat:wildfly:19.0.0
- cpe:2.3:a:redhat:wildfly:19.1.0
- cpe:2.3:a:redhat:wildfly:20.0.0
- cpe:2.3:a:redhat:wildfly:20.0.1
- cpe:2.3:a:redhat:wildfly:7.2.0
- cpe:2.3:a:redhat:wildfly:7.2.3
- cpe:2.3:a:redhat:wildfly:7.2.5
- cpe:2.3:a:redhat:wildfly:8.0.0
- cpe:2.3:a:redhat:wildfly:8.1.0
- cpe:2.3:a:redhat:wildfly:8.2.0
- cpe:2.3:a:redhat:wildfly:8.2.1
- cpe:2.3:a:redhat:wildfly:9.0.0
- cpe:2.3:a:redhat:wildfly:9.0.1
- cpe:2.3:a:redhat:wildfly:9.0.2