CVE-2021-26118

Flaw in ActiveMQ Artemis OpenWire support

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

Al investigar ARTEMIS-2964, se detectó que la creación de mensajes de aviso en el encabezado del protocolo OpenWire de Apache ActiveMQ Artemis versión 2.15.0, omitió el control de acceso basado en políticas para toda la sesión. La producción de mensajes de aviso no estuvo sujeta al control de acceso por error

A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity.

*Credits: Apache ActiveMQ would like to thank Francesco Marchioni (Red Hat) for reporting this issue.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-01-25 CVE Reserved
2021-01-27 CVE Published
2023-12-20 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-284: Improper Access Control
CWE-285: Improper Authorization

CAPEC

References (5)

URL	Tag	Source
https://lists.apache.org/thread.html/rafd5d7cf303772a0118865262946586921a65ebd98fc24f56c812574%40%3Cannounce.apache.org%3E	Mailing List
https://security.netapp.com/advisory/ntap-20210827-0002	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E	2023-11-07
https://access.redhat.com/security/cve/CVE-2021-26118	2021-02-04
https://bugzilla.redhat.com/show_bug.cgi?id=1892384	2021-02-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Activemq Artemis Search vendor "Apache" for product "Activemq Artemis"				2.15.0 Search vendor "Apache" for product "Activemq Artemis" and version "2.15.0"		-		Affected
Netapp Search vendor "Netapp"		Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation"				-		-		Affected