CVE-2021-4040

{"id": "CVE-2021-4040", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-08-24T16:15:09.313", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2021-4040", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028254", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/apache/activemq-artemis/pull/3871/commits", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://issues.apache.org/jira/browse/ARTEMIS-3593", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability."}, {"lang": "es", "value": "Se ha encontrado un fallo en AMQ Broker. Este problema puede causar una interrupci\u00f3n parcial de la disponibilidad de AMQ Broker por medio de una condici\u00f3n de Out of memory (OOM). Este fallo permite a un atacante interrumpir parcialmente la disponibilidad del broker mediante un ataque sostenido de mensajes maliciosamente dise\u00f1ados. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema."}], "lastModified": "2022-08-29T16:40:20.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:amq_broker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B56B867-75FC-47C5-94C7-B96DC3028D64", "versionEndExcluding": "7.10.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18C0F17A-A27D-40E9-9ACE-5BD86A02BA54", "versionEndExcluding": "2.19.1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}