CVE-2020-13931
 
Descriptions
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case.
SSVC
- Decision: -
Timeline
- 2020-06-08 CVE Reserved
- 2020-12-17 CVE Published
- 2024-08-04 CVE Updated
- 2024-10-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Tomee | >= 1.0.0 <= 1.7.5 | - | Affected |
Apache | Tomee | >= 7.0.0 <= 7.0.8 | - | Affected |
Apache | Tomee | >= 7.1.0 <= 7.1.3 | - | Affected |
Apache | Tomee | >= 8.0.0 <= 8.0.3 | - | Affected |
Apache | Tomee | 7.0.0 | m1 | Affected |
Apache | Tomee | 7.0.0 | m2 | Affected |
Apache | Tomee | 7.0.0 | m3 | Affected |
Apache | Tomee | 8.0.0 | m1 | Affected |