5 matches found
CVE-2020-11969
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 -...
Missing Authentication Due To Incorrect Configuration
Apache Tomee openejb-core has missing authentication. The vulnerability exists due to an incomplete fix of CVE-2020-11969 where when embedded ActiveMQ broker with URI setting useJMX=true is used, it causes JMX port to open on TCP port 1099, which does not include authentication...
Input validation
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
CVE-2020-11969
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 -...
CVE-2020-11969
CVE-2020-11969 concerns Apache TomEE when configured with the embedded ActiveMQ broker and broker URI includes useJMX=true, which opens a JMX port on TCP 1099 without authentication. Affected versions: TomEE 8.0.0-M1 through 8.0.1; 7.1.0 through 7.1.2; 7.0.0-M1 through 7.0.7; 1.0.0 through 1.7.5....