Lucene search

ApacheCVELIST:CVE-2020-1941

HistoryMay 14, 2020 - 4:29 p.m.

CVE-2020-1941

2020-05-1416:29:26

apache

www.cve.org

AI Score

6.6

Confidence

High

EPSS

0.003

Percentile

70.9%

JSON

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

CNA Affected

[
  {
    "product": "Apache ActiveMQ",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache ActiveMQ 5.0.0 to 5.15.11"
      }
    ]
  }
]

References

activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt

lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E

lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html