CVE-2020-11969

2020-06-1519:03:49

apache

www.cve.org

9.4 High

AI Score

Confidence

High

0.04 Low

EPSS

Percentile

92.1%

JSON

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.

CNA Affected

[
  {
    "product": "Apache TomEE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5"
      }
    ]
  }
]