Apache · Apache Qpid · CVE-2011-3620
**Name of the Vulnerable Software and Affected Versions**
Apache Qpid version 0.12
**Description**
The issue allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username, due to improper verification of credentials during the joining of a cluster.
**Recommendations**
For Apache Qpid version 0.12, consider restricting access to cluster functionality until a proper fix is applied, and ensure that all cluster-usernames are properly secured to minimize the risk of exploitation.