Lucene search
+L

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 1:8 p.m.12 views

Security Bulletin: IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Jolokia Remote Code Execution

Summary IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Jolokia Remote Code Execution CVE-2022-41678 Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ...

8.8CVSS7.9AI score0.8581EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2025/02/17 12:0 a.m.44 views

Ubuntu: Security Advisory (USN-7268-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.6AI score0.99654EPSS
Exploits33References4
Debian
Debian
added 2024/10/25 3:58 p.m.29 views

[SECURITY] [DLA 3936-1] activemq security update

Debian LTS Advisory DLA-3936-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón October 25, 2024 https://wiki.debian.org/LTS Package : activemq Version : 5.16.1-1+deb11u1 CVE ID : CVE-2022-41678 CVE-2023-46604 Debian Bug : 1054909 Two vulnerabilities were fou...

10CVSS7.2AI score0.99654EPSS
Exploits33
Tenable Nessus
Tenable Nessus
added 2024/10/25 12:0 a.m.28 views

Debian dla-3936 : activemq - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3936 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3936-1 [email protected]...

10CVSS8.2AI score0.99654EPSS
Exploits33References6
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 12:53 p.m.34 views

Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue

Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2022-41678. Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Apache ActiveMQ could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...

8.8CVSS8.8AI score0.8581EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/23 10:45 p.m.98 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update

Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...

9.3CVSS6.6AI score0.8581EPSS
Exploits9References16
RedHat Linux
RedHat Linux
added 2024/05/21 2:18 p.m.108 views

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update

Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.1CVSS6.6AI score0.8581EPSS
Exploits4References14
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/14 2:34 p.m.102 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...

8.8CVSS9.5AI score0.8581EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 10:28 a.m.40 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution due to Apache ActiveMQ (CVE-2022-41678)

Summary Apache ActiveMQ is shipped with IBM Tivoli Netcool Impact as part of the data provider interface in the GUI server. Information about a security vulnerability affecting Apache ActiveMQ has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Apach...

8.8CVSS8.9AI score0.8581EPSS
Exploits2Affected Software1
Circl
Circl
added 2023/11/30 12:31 p.m.23 views

CVE-2022-41678

creationtimestamp| type| source ---|---|--- 2023-11-30 12:31:42+00:00| seen| https://t.me/ctinow/152559 2023-12-04 10:25:34+00:00| seen| https://t.me/arpsyndicate/1179 2023-12-06 12:50:53+00:00| seen| https://t.me/arpsyndicate/1484 2023-12-08 11:40:19+00:00| seen| https://t.me/arpsyndicate/1549...

8.8CVSS7.3AI score0.8581EPSS
Exploits2References14
RedhatCVE
RedhatCVE
added 2023/11/30 3:26 a.m.62 views

CVE-2022-41678

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...

7.5CVSS8.6AI score0.8581EPSS
Exploits2References3
vulnersOsv
vulnersOsv
added 2023/11/28 6:30 p.m.6 views

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2022-41678 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2022-41678 Source advisory: OSV:GHSA-53V4-42FG-G287...

8.8CVSS7.3AI score0.8581EPSS
Exploits2
CVE
CVE
added 2023/11/28 3:8 p.m.201 views

CVE-2022-41678

CVE-2022-41678 : In Apache ActiveMQ, after authentication, an attacker can trigger remote code execution via Jolokia/JMX vectors (e.g., /api/jolokia) leading to arbitrary code with webshell write via Log4j/JFR paths. The root cause is an unsafe deserialization path that can be reached through Jol...

8.8CVSS8.1AI score0.8581EPSS
Exploits2References5Affected Software1
Rows per page
Query Builder