CVE-2020-10727
5.5 MEDIUMA flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in pl...
Published: 2020-06-26 · Last updated: 2026-06-15
Severity and scoring
- CVSS
- 5.5 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-312, CWE-522
Affected products
| Vendor | Product |
|---|---|
| apache | artemis, oncommand_workflow_automation |
| netapp | artemis, oncommand_workflow_automation |
Description
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this flaw to read the contents of the Artemis shadow file.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2020-10727
- [Other]https://bugzilla.redhat.com/show_bug.cgi?id=1827200
- [Other]https://issues.redhat.com/browse/ENTMQBR-3435
- [Other]https://security.netapp.com/advisory/ntap-20210827-0001/
- [Other]https://bugzilla.redhat.com/show_bug.cgi?id=1827200
- [Other]https://issues.redhat.com/browse/ENTMQBR-3435
- [Other]https://security.netapp.com/advisory/ntap-20210827-0001/
Related CVEs
Same vendor
- CVE-2026-50645 — There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can l... (7.5 HIGH)
- CVE-2026-50634 — A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticate... (6.5 MEDIUM)
- CVE-2026-50633 — A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an atta... (8.1 HIGH)
- CVE-2026-50632 — A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been ide... (8.1 HIGH)
- CVE-2026-50631 — A race condition in AbstractOAuthDataProvider allows concurrent requests using the same Refresh Token to bypass single-use semantics and ... (7.4 HIGH)
Same CWE
- CVE-2026-53840 — OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configur... (7.1 HIGH)
- CVE-2026-6517 — Mattermost Desktop App versions <=6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in ... (6.3 MEDIUM)
- CVE-2026-49949 — CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive crede... (5.3 MEDIUM)
- CVE-2026-46622 — SolidInvoice is an open-source invoicing platform (8.1 HIGH)
- CVE-2024-45636 — IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user (4.1 MEDIUM)