Lucene search
K

9 matches found

Nuclei
Nuclei
added 17 hours ago15 views

Apache ActiveMQ 6.x < 6.1.2 - Broken Access Control

Apache ActiveMQ 6.x contains an unauthenticated API web context caused by default configuration lacking security measures in the Jetty server, letting anyone interact with broker APIs and messaging layers, exploit requires no authentication. id: CVE-2024-32114 info: name: Apache ActiveMQ 6.x 6.1....

8.8CVSS7.3AI score0.0692EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.10 views

CVE-2026-49157

A flaw was found in Apache ActiveMQ. The default authorization settings for Jolokia, a management interface, incorrectly allowed non-administrative web-login accounts to access and execute critical broker management operations. This could enable a low-privilege attacker to perform actions typical...

8.8CVSS5.7AI score0.00424EPSS
Exploits0References5
OSV
OSV
added 2026/06/05 5:38 a.m.11 views

BIT-ACTIVEMQ-2026-49157 Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8CVSS5.4AI score0.00424EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Incorrect Default Permissions

Overview org.apache.activemq:apache-activemq is a Message Broker and Client implementations. Affected versions of this package are vulnerable to Incorrect Default Permissions due to the default authorization settings in Jolokia. An attacker can perform unauthorized broker management operations,...

8.8CVSS5.5AI score0.00424EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Incorrect Default Permissions

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Incorrect Default Permissions due to the default authorization settings in Jolokia. An attacker can perform unauthorized broker management...

8.8CVSS5.5AI score0.00424EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 9:16 a.m.10 views

UBUNTU-CVE-2026-49157

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8CVSS5.8AI score0.00424EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/01 7:20 a.m.14 views

CVE-2026-49157 Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

5.8AI score0.00424EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 7:20 a.m.48 views

CVE-2026-49157

CVE-2026-49157 affects Apache ActiveMQ prior to 5.19.7 and prior to 6.2.6 for 6.x. The vulnerability arises from default Jolokia authorization settings that grant non-admin (low-privilege) web-login accounts access to broker-management operations (e.g., addQueue, removeQueue). This can impact con...

8.8CVSS5.8AI score0.00424EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/01 7:20 a.m.54 views

CVE-2026-49157 Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

0.00424EPSS
Exploits0References1
Rows per page
Query Builder