CVSS3: 8.5 High
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
AI Score: 8.3 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)
A flaw was found in Apache ActiveMQ. The default configuration of Jolokia and the REST API is insecure, allowing any user to bypass security restrictions. The vulnerability exists due to missing authorization in the application's REST API: the default configuration doesn't secure the API web context where the Jolokia JMX REST API and the Message REST API are located. This flaw allows an unauthenticated attacker to interact with the broker through the Jolokia JMX REST API, and to produce/consume messages or purge/delete destinations through the Message REST API.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.