Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9ceu-jpbx-dyfu
Vulnerability ID VCID-9ceu-jpbx-dyfu
Aliases CVE-2020-25640
GHSA-jw3v-5ch2-wfmm
Summary wildfly: resource adapter logs plaintext JMS password at warning level on connection error
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-209 Generation of Error Message Containing Sensitive Information
CWE-532 Insertion of Sensitive Information into Log File
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25640.json
epss 0.00354 https://api.first.org/data/v1/epss?cve=CVE-2020-25640
cvssv3.1 5.3 https://bugzilla.redhat.com/show_bug.cgi?id=1881637
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1881637
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-jw3v-5ch2-wfmm
cvssv3.1 5.3 https://github.com/amqphub/amqp-10-resource-adapter/issues/13
generic_textual MODERATE https://github.com/amqphub/amqp-10-resource-adapter/issues/13
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-25640
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2020-25640
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20201210-0001
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20201210-0001
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25640.json
https://api.first.org/data/v1/epss?cve=CVE-2020-25640
https://github.com/amqphub/amqp-10-resource-adapter/issues/13
https://nvd.nist.gov/vuln/detail/CVE-2020-25640
https://security.netapp.com/advisory/ntap-20201210-0001
https://security.netapp.com/advisory/ntap-20201210-0001/
1881637 https://bugzilla.redhat.com/show_bug.cgi?id=1881637
GHSA-jw3v-5ch2-wfmm https://github.com/advisories/GHSA-jw3v-5ch2-wfmm
RHSA-2021:0246 https://access.redhat.com/errata/RHSA-2021:0246
RHSA-2021:0247 https://access.redhat.com/errata/RHSA-2021:0247
RHSA-2021:0248 https://access.redhat.com/errata/RHSA-2021:0248
RHSA-2021:0250 https://access.redhat.com/errata/RHSA-2021:0250
RHSA-2021:0295 https://access.redhat.com/errata/RHSA-2021:0295
RHSA-2021:0327 https://access.redhat.com/errata/RHSA-2021:0327
RHSA-2021:3140 https://access.redhat.com/errata/RHSA-2021:3140
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25640.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1881637
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/amqphub/amqp-10-resource-adapter/issues/13
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-25640
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20201210-0001
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.57974
EPSS Score 0.00354
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:19:06.306651+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25640.json 38.6.0