10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
7.7 High
AI Score
Confidence
High
0.964 High
EPSS
Percentile
99.6%
Apache ActiveMQ is bundled with IBM Jazz for Service Management as part of the communication service between providers. Please see below for steps to take to address the vulnerability.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
Jazz for Service Management | 1.1.3 |
Principal Product and Version(s)|Affected Supporting Product and Version|
Vulnerability Details
** **| **Remediation **
โ|โ|โ|โ
Jazz for Service Management version 1.1.3.7 - 1.1.3.19|
Websphere Application Server Full Profile 9.0
|
CVEID: CVE-2023-46604 Description: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the class types in the OpenWire protocol. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.CVSS Base Score: 9.4
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/269795> for more information
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
|
Upgrade to - <https://www.ibm.com/support/pages/node/7083923>
Jazz for Service Management version 1.1.3- 1.1.3.19|
Websphere Application Server Full Profile 8.5.5
|
CVEID: CVE-2023-46604 Description: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the class types in the OpenWire protocol. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.CVSS Base Score: 9.4
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/269795> for more information
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
| Upgrade to - <https://www.ibm.com/support/pages/node/7083923>
NA
CPE | Name | Operator | Version |
---|---|---|---|
jazz for service management | eq | 1.1.3 |
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
7.7 High
AI Score
Confidence
High
0.964 High
EPSS
Percentile
99.6%