CVE-2020-10727
Description
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the resetUsers operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.075
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-10727 are fixed in Apache-artemis-commons 2.13.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| Vulnerabilities CVE-2020-10727 are fixed in Apache-artemis-commons for Linux 2.13.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234