{"api_version":"1","generated_at":"2026-04-22T21:38:56+00:00","cve":"CVE-2021-3425","urls":{"html":"https://cve.report/CVE-2021-3425","api":"https://cve.report/api/cve/CVE-2021-3425.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3425","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3425"},"summary":{"title":"CVE-2021-3425","description":"A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-06-01 20:15:00","updated_at":"2021-06-11 15:18:00"},"problem_types":["CWE-532"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1936629","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1936629","refsource":"MISC","tags":[],"title":"1936629 – (CVE-2021-3425) CVE-2021-3425 Red Hat AMQ Broker: discloses JDBC username and password in the application log file","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3425","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3425","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3425","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_a-mq","cpe6":"7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2021-3425","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-532","cweId":"CWE-532"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"broker","version":{"version_data":[{"version_affected":"=","version_value":"as shipped in Red Hat AMQ 7"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1936629","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1936629"}]}},"nvd":{"publishedDate":"2021-06-01 20:15:00","lastModifiedDate":"2021-06-11 15:18:00","problem_types":["CWE-532"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3425","Ordinal":"203242","Title":"CVE-2021-3425","CVE":"CVE-2021-3425","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3425","Ordinal":"1","NoteData":"A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"3425","Ordinal":"2","NoteData":"2021-06-01","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"3425","Ordinal":"3","NoteData":"2021-06-01","Type":"Other","Title":"Modified"}]}}}