org.apache.qpid:qpid-broker (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.qpid:qpid-broker, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2017-15702 — CVSS 9.8 (critical): In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of…
CVE-2016-8741 — CVSS 7.5 (high): The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among…
CVE-2017-15701 — CVSS 7.5 (high): In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0…
CVE-2016-3094 — CVSS 5.9 (medium): PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers…