
CVE-2022-41678 – Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
https://notcve.org/view.php?id=CVE-2022-41678
28 Nov 2023 — Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through reflection. This could lead to RC... • https://github.com/mbadanoiu/CVE-2022-41678 • CWE-287: Improper Authentication; CWE-502: Deserialization of Untrusted Data •

CVE-2023-46604 – Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2023-46604
27 Oct 2023 — The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this is... • https://packetstorm.news/files/id/175676 • CWE-502: Deserialization of Untrusted Data •

CVE-2020-13947
https://notcve.org/view.php?id=CVE-2020-13947
08 Feb 2021 — An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. • http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-26117 – ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind
https://notcve.org/view.php?id=CVE-2021-26117
27 Jan 2021 — The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error, resulting in no check on the password. • https://lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02%40%3Cissues.activemq.apache.org%3E • CWE-287: Improper Authentication •

CVE-2020-26217 – Remote Code Execution in XStream
https://notcve.org/view.php?id=CVE-2020-26217
16 Nov 2020 — XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. • https://github.com/Al1ex/CVE-2020-26217 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-502: Deserialization of Untrusted Data •

CVE-2020-11998
https://notcve.org/view.php?id=CVE-2020-11998
10 Sep 2020 — A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remo... • http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt •

CVE-2020-13920 – activemq: improper authentication allows MITM attack
https://notcve.org/view.php?id=CVE-2020-13920
10 Sep 2020 — Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and binds that, they effectively become a man in the middle and are able to intercept the credentials when a user connects. Upgrade to Apache ActiveMQ 5.15.12. • http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt • CWE-287: Improper Authentication; CWE-306: Missing Authentication for Critical Function •

CVE-2020-1941
https://notcve.org/view.php?id=CVE-2020-1941
14 May 2020 — In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. • http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-7559 – ActiveMQ: DoS in client via shutdown command
https://notcve.org/view.php?id=CVE-2015-7559
01 Aug 2019 — It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559 • CWE-20: Improper Input Validation; CWE-306: Missing Authentication for Critical Function •

CVE-2019-0201 – zookeeper: Information disclosure in Apache ZooKeeper
https://notcve.org/view.php?id=CVE-2019-0201
23 May 2019 — An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when it retrieves the ACLs of the requested node, and it returns all information contained in the ACL Id field as a plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthentica... • http://www.securityfocus.com/bid/108427 • CWE-732: Incorrect Permission Assignment for Critical Resource; CWE-862: Missing Authorization •