As BSI studies, an IT safety alert a couple of identified vulnerability in Red Hat JBoss A-MQ has acquired an replace. You can examine which functions and merchandise are affected by safety holes right here at information.de.
Federal workplace for Security in Information Technology (BSI) issued an replace on May 23, 2024 to a high-risk safety gap in Red Hat JBoss A-MQ identified on December 6, 2023. The vulnerability impacts Linux, UNIX and Windows working methods and merchandise Atlassian Bamboo, Red Hat Enterprise Linux, Atlassian Confluence, Atlassian Bitbucket, Red Hat JBoss A-MQ and Atlassian Jira Software.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:3354 (From 24 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple Vulnerabilities for Red Hat JBoss A-MQ – Risk: High
Risk stage: 3 (excessive)
CVSS Base Score: 9.8
CVSS provisional rating: 8,5
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the vulnerability of laptop methods. The CVSS normal makes it potential to check potential or precise safety dangers primarily based on numerous metrics to create a precedence record for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporary scores additionally consider adjustments over time within the threat state of affairs. According to CVSS, the danger of the vulnerability talked about right here is rated as “excessive” with a base worth of 9.8.
Red Hat JBoss A-MQ Bug: Description of the assault
JBoss A-MQ is a messaging platform.
A distant, unknown attacker might exploit a number of vulnerabilities in Red Hat JBoss A-MQ to bypass safety, expose info, spoof recordsdata, or trigger a denial of service.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) ID numbers. CVE-2022-46751, CVE-2023-20873, CVE-2023-2976, CVE-2023-31582, CVE-2023-33201, CVE-2023-40167, CVE-2023-4102-5202, CVE-2023-410204, 2023-44387, CVE-2023-44981 and CVE-2023-5072 on the market.
Systems affected by the safety hole at a look
Operating methods
Linux, UNIX, Windows
Products
Atlassian Bamboo Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Atlassian Confluence Atlassian Bamboo Atlassian Bitbucket Red Hat JBoss A-MQ Red Hat JBoss A-MQ Clients 3 (cpe:/a:redhat:jboss_amq)
Atlassian Jira Software Atlassian Jira Software Service Management Atlassian Jira Software Service Management Atlassian Confluence Atlassian Confluence Atlassian Confluence Atlassian Confluence Atlassian Confluence Atlassian Bitbucket Atlassian Bitbucket
General steps for coping with IT vulnerabilities
- Users of affected methods ought to keep up-to-date. When safety holes are identified, producers are required to repair them rapidly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This typically comprises further details about the newest model of the software program in query and the supply of safety patches or efficiency ideas.
- If you will have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to commonly examine the required sources to see if a brand new safety replace is accessible.
Sources for updates, patches and workarounds
Here you will see that some hyperlinks with details about bug studies, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3354 vom 2024-05-24 (23.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2945 vom 2024-05-21 (21.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:0903 vom 2024-02-20 (20.02.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:0705 vom 2024-02-06 (06.02.2024)
For extra info, see:
Atlassian Security Bulletin December 12 2023 vom 2023-12-12 (12.12.2023)
For extra info, see:
Red Hat Security Advisory RHSA-2023:7697 vom 2023-12-07 (07.12.2023)
For extra info, see:
RedHat Security Advisory vom 2023-12-06 (06.12.2023)
For extra info, see:
Version historical past of this safety alert
This is model 7 of this Red Hat JBoss A-MQ IT safety advisory. This doc will probably be up to date as extra updates are introduced. You can examine adjustments or additions on this model historical past.
December 6, 2023 – First model
12/07/2023 – New updates from Red Hat added
12/12/2023 – New updates added
02/06/2024 – New updates from Red Hat have been added
02/20/2024 – New updates from Red Hat added
May 21, 2024 – New updates from Red Hat added
05/23/2024 – New updates from Red Hat added
+++ Editorial be aware: This doc relies on present BSI information and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that scorching information, present movies and a direct line to the editorial staff.
kns/roj/information.de