Lucene search
ApacheCVELIST:CVE-2020-13931HistoryDec 17, 2020 - 11:42 p.m.
CVE-2020-13931
2020-12-1723:42:39
apache
www.cve.org
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case.
CNA Affected
[
{
"product": "Apache TomEE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5"
}
]
}
]References
lists.apache.org/thread.html/r7f98907165b355dc65f28a57f15103a06173ce03261115fa46d569b4%40%3Cdev.tomee.apache.org%3E
lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9%40%3Cdev.tomee.apache.org%3E
lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E
Related
veracode
veracode
Missing Authentication Due To Incorrect Configuration
2020-12-18 06:47:12
Missing Authentication
2020-06-16 04:41:09
osv
osv
Remote code execution in Apache TomEE
2022-02-09 22:44:38
CVE-2020-13931
2020-12-18 00:15:00
CVE-2020-11969
2020-06-15 20:15:11
prion
prion
Input validation
2020-12-18 00:15:00
Authentication flaw
2020-06-15 20:15:00
nvd
nvd
CVE-2020-13931
2020-12-18 00:15:14
CVE-2020-11969
2020-06-15 20:15:11
cve
cve
CVE-2020-13931
2020-12-18 00:15:14
CVE-2020-11969
2020-06-15 20:15:11
openvas
openvas
Apache TomEE JMX Vulnerability (CVE-2020-13931)
2020-12-21 00:00:00
github
github
Remote code execution in Apache TomEE
2022-02-09 22:44:38
Missing Authentication for Critical Function in Apache TomEE
2022-02-10 23:07:37
cvelist
cvelist
CVE-2020-11969
2020-06-15 19:03:49