{
  "threat_severity" : "Moderate",
  "public_date" : "2021-03-08T20:30:00Z",
  "bugzilla" : {
    "description" : "Broker: discloses JDBC username and password in the application log file",
    "id" : "1936629",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1936629"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-532",
  "details" : [ "A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable." ],
  "acknowledgement" : "This issue was discovered by Wai Chun Hui (Red Hat).",
  "affected_release" : [ {
    "product_name" : "Red Hat AMQ 7.8.2",
    "release_date" : "2021-07-12T00:00:00Z",
    "advisory" : "RHSA-2021:2689",
    "cpe" : "cpe:/a:redhat:amq_broker:7",
    "package" : "broker"
  }, {
    "product_name" : "Red Hat AMQ 7.9.0",
    "release_date" : "2021-09-30T00:00:00Z",
    "advisory" : "RHSA-2021:3700",
    "cpe" : "cpe:/a:redhat:amq_broker:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3425\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3425" ],
  "name" : "CVE-2021-3425",
  "csaw" : false
}