Lucene search
K

4 matches found

OSV
OSV
added 2022/05/13 1:11 a.m.67 views

GHSA-R9VV-XJ4W-G8M8 Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain

The getObject method of the javax.jms.ObjectMessage class in the 1 JMS Core client, 2 Artemis broker, and 3 Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...

7.2CVSS8.3AI score0.06924EPSS
Exploits0References26
NVD
NVD
added 2016/09/27 3:59 p.m.29 views

CVE-2016-4978

The getObject method of the javax.jms.ObjectMessage class in the 1 JMS Core client, 2 Artemis broker, and 3 Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...

7.2CVSS7.3AI score0.06924EPSS
Exploits0References20
Prion
Prion
added 2016/09/27 3:59 p.m.20 views

Path traversal

The getObject method of the javax.jms.ObjectMessage class in the 1 JMS Core client, 2 Artemis broker, and 3 Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...

6CVSS7.6AI score0.06924EPSS
Exploits0References20Affected Software2
Positive Technologies
Positive Technologies
added 2016/09/27 12:0 a.m.4 views

PT-2016-6204

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Artemis versions prior to 1.4.0 Description The issue allows remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget...

7.2CVSS8.1AI score0.06924EPSS
Exploits0References32
Rows per page
Query Builder