13 matches found
Security Bulletin: IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Jolokia Remote Code Execution
Summary IBM Jazz for Service Management is vulnerable due to Apache ActiveMQ Jolokia Remote Code Execution CVE-2022-41678 Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ...
Ubuntu: Security Advisory (USN-7268-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3936-1] activemq security update
Debian LTS Advisory DLA-3936-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón October 25, 2024 https://wiki.debian.org/LTS Package : activemq Version : 5.16.1-1+deb11u1 CVE ID : CVE-2022-41678 CVE-2023-46604 Debian Bug : 1054909 Two vulnerabilities were fou...
Debian dla-3936 : activemq - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3936 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3936-1 [email protected]...
Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue
Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2022-41678. Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Apache ActiveMQ could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...
Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update
Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.12.0 release and security update
Red Hat AMQ Broker 7.12.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution due to Apache ActiveMQ (CVE-2022-41678)
Summary Apache ActiveMQ is shipped with IBM Tivoli Netcool Impact as part of the data provider interface in the GUI server. Information about a security vulnerability affecting Apache ActiveMQ has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Apach...
CVE-2022-41678
creationtimestamp| type| source ---|---|--- 2023-11-30 12:31:42+00:00| seen| https://t.me/ctinow/152559 2023-12-04 10:25:34+00:00| seen| https://t.me/arpsyndicate/1179 2023-12-06 12:50:53+00:00| seen| https://t.me/arpsyndicate/1484 2023-12-08 11:40:19+00:00| seen| https://t.me/arpsyndicate/1549...
CVE-2022-41678
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandlerhandlePostRequest is able to create JmxRequest...
org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2022-41678 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)
org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2022-41678 Source advisory: OSV:GHSA-53V4-42FG-G287...
CVE-2022-41678
CVE-2022-41678 : In Apache ActiveMQ, after authentication, an attacker can trigger remote code execution via Jolokia/JMX vectors (e.g., /api/jolokia) leading to arbitrary code with webshell write via Log4j/JFR paths. The root cause is an unsafe deserialization path that can be reached through Jol...