Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-14319

EPSS 0.10% · P28
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-14319

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This flaw affects all versions of AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat AMQ Online 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat AMQ Online是美国红帽(Red Hat)公司的一款提供在OpenShift上运行自助服务(即服务即服务)消息传递平台整体功能的解决方案。 Red Hat AMQ Online 1.5.1版本中存在跨站请求伪造漏洞。该漏洞源于WEB应用未充分验证请求是否来自可信用户。攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-AMQ-Online and EnMasse AMQ-Online prior to 1.5.2 and Enmasse versions 0.31.0-rc1 up until but not including 0.32.2 -

II. Public POCs for CVE-2020-14319

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-14319

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-08-03 · 19 CVEs total

CVE-2020-16131Tiki 跨站脚本漏洞
CVE-2019-19453Wowza Media Systems Streaming Engine 跨站脚本漏洞
CVE-2019-19455Wowza Media Systems Streaming Engine 安全漏洞
CVE-2015-9549OcPortal 跨站脚本漏洞
CVE-2020-16269radare2 输入验证错误漏洞
CVE-2020-16272Kee Vault KeePassRPC 输入验证错误漏洞
CVE-2020-16271Kee Vault KeePassRPC 安全特征问题漏洞
CVE-2020-13820Extreme Networks Management Center 跨站脚本漏洞
CVE-2020-12739多款FANUC产品输入验证错误漏洞
CVE-2020-11583Plesk Obsidian 跨站脚本漏洞
CVE-2020-8575NetApp Active IQ Unified Manager 安全漏洞
CVE-2020-8574NetApp Active IQ Unified Manager 安全漏洞
CVE-2020-16116KDE Ark 路径遍历漏洞
CVE-2020-5772Teltonika firmware 代码问题漏洞
CVE-2020-5773Teltonika firmware 安全漏洞
CVE-2020-5770Teltonika firmware 跨站请求伪造漏洞
CVE-2020-5771Teltonika firmware 代码问题漏洞
CVE-2020-11584Plesk Onyx 跨站脚本漏洞

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2020-14319

No comments yet

Leave a comment