CVE-2020-11969

🗓️ 15 Jun 2020 20:15:11Reported by [email protected]Type

Apache TomEE embedded ActiveMQ broker allows unauthorized access via JMX port

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the Apache TomEE application server, related to authentication errors, allows attackers to escalate their privileges, execute arbitrary code, or cause service failures.	13 Apr 202100:00	–	bdu_fstec
CNVD	Apache TomEE Authorization Issues Vulnerability	16 Jun 202000:00	–	cnvd
CVE	CVE-2020-11969	15 Jun 202019:03	–	cve
Cvelist	CVE-2020-11969	15 Jun 202019:03	–	cvelist
EUVD	EUVD-2022-0901	3 Oct 202520:07	–	euvd
Github Security Blog	Missing Authentication for Critical Function in Apache TomEE	10 Feb 202223:07	–	github
OSV	GHSA-836G-5FR5-FGCR Missing Authentication for Critical Function in Apache TomEE	10 Feb 202223:07	–	osv
Prion	Authentication flaw	15 Jun 202020:15	–	prion
Prion	Input validation	18 Dec 202000:15	–	prion
RedhatCVE	CVE-2020-11969	22 May 202517:24	–	redhatcve

NVD

Node

apache tomeeRange1.0.0–1.7.5

apache tomeeRange7.0.0–7.0.7

apache tomeeRange7.1.0–7.1.2

apache tomeeRange8.0.0–8.0.1

apache tomeeMatch7.0.0m1

apache tomeeMatch7.0.0m2

apache tomeeMatch7.0.0m3

apache tomeeMatch8.0.0m1

Source	Link
lists	www.lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/rbd23418646dedda70a546331ea1c1d115b8975b7e7dc452d10e2e773%40%3Cdev.tomee.apache.org%3E
openwall	www.openwall.com/lists/oss-security/2020/12/16/2
lists	www.lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cusers.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/rbd23418646dedda70a546331ea1c1d115b8975b7e7dc452d10e2e773%40%3Cannounce.apache.org%3E
lists	www.lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9%40%3Cdev.tomee.apache.org%3E

17 Jun 2026 02:51Current

CVSS 26.8

CVSS 3.19.8

EPSS0.04115