CVE-2021-26118
Flaw in ActiveMQ Artemis OpenWire support
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.
Al investigar ARTEMIS-2964, se detectó que la creación de mensajes de aviso en el encabezado del protocolo OpenWire de Apache ActiveMQ Artemis versión 2.15.0, omitió el control de acceso basado en políticas para toda la sesión. La producción de mensajes de aviso no estuvo sujeta al control de acceso por error
A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-25 CVE Reserved
- 2021-01-27 CVE Published
- 2023-12-20 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-285: Improper Authorization
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://lists.apache.org/thread.html/rafd5d7cf303772a0118865262946586921a65ebd98fc24f56c812574%40%3Cannounce.apache.org%3E | Mailing List | |
https://security.netapp.com/advisory/ntap-20210827-0002 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Activemq Artemis Search vendor "Apache" for product "Activemq Artemis" | 2.15.0 Search vendor "Apache" for product "Activemq Artemis" and version "2.15.0" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation" | - | - |
Affected
|