Lucene search
+L

61 matches found

snyk
snyk
added 2026/04/24 11:18 a.m.6 views

Arbitrary Code Injection

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Arbitrary Code Injection over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's...

8.8CVSS7.7AI score0.04783EPSS
Exploits14References2
snyk
snyk
added 2026/04/07 9:31 a.m.6 views

Arbitrary Code Injection

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Arbitrary Code Injection over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's JVM by invoking operations with ...

8.8CVSS7.8AI score0.96666EPSS
Exploits14References2
snyk
snyk
added 2026/04/07 9:31 a.m.7 views

Arbitrary Code Injection

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Arbitrary Code Injection over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's...

8.8CVSS7.8AI score0.96666EPSS
Exploits14References2
github
github
added 2026/04/07 9:31 a.m.10 views

Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.8AI score0.96666EPSS
Exploits14References5Affected Software2
cvelist
cvelist
added 2026/04/07 7:50 a.m.56 views

CVE-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

0.96666EPSS
Exploits14References1
osv
osv
added 2026/04/07 7:50 a.m.1 views

CVE-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.9AI score0.96666EPSS
Exploits14References9
vulnrichment
vulnrichment
added 2026/04/07 7:50 a.m.3 views

CVE-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

7.8AI score0.96666EPSS
Exploits14References1
cve
cve
added 2026/04/07 7:50 a.m.97 views

CVE-2026-34197

The CVE-2026-34197 issue affects Apache ActiveMQ products (Broker, All, and Core) before 5.19.4 and before 6.2.3 (6.0.0–6.2.3 range). The root cause is improper input validation and insecure control of code generation via the Jolokia JMX-HTTP bridge, which can be abused to load a remote Spring XM...

8.8CVSS6.6AI score0.96666EPSS
In wildExploits14References6Affected Software2
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-2881

Malware in sbrugna...

6CVSS5.7AI score0.01567EPSS
Exploits0References30
euvd
euvd
added 2025/10/07 12:30 a.m.10 views

EUVD-2007-1413

Malware in sbrugna...

4.3CVSS6.1AI score0.00634EPSS
Exploits0References7
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-18790

Malware in sbrugna...

9.8CVSS9.5AI score0.02359EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-16966

Malware in sbrugna...

9.8CVSS9.2AI score0.01807EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2016-6015

Malware in sbrugna...

9.8CVSS9.5AI score0.03898EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2926

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.16539EPSS
Exploits0References6
redhatcve
redhatcve
added 2024/10/15 4:55 a.m.21 views

CVE-2023-50780

A flaw was found in Apache ActiveMQ Artemis. Affected versions of this package allow access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. This also included the Log4J2 MBean. This MBean is not meant for exposure to...

8.8CVSS6.5AI score0.16539EPSS
Exploits0References4
osv
osv
added 2024/10/14 6:30 p.m.14 views

GHSA-443J-GRXV-2PGV Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...

8.8CVSS8.6AI score0.16539EPSS
Exploits0References6
github
github
added 2024/10/14 6:30 p.m.22 views

Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...

8.8CVSS6.7AI score0.16539EPSS
Exploits0References6Affected Software1
vulnrichment
vulnrichment
added 2024/10/14 4:3 p.m.17 views

CVE-2023-50780 Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...

6.7AI score0.16539EPSS
Exploits0References1
cvelist
cvelist
added 2024/10/14 4:3 p.m.92 views

CVE-2023-50780 Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could...

0.16539EPSS
Exploits0References1
openvas
openvas
added 2024/03/08 12:0 a.m.20 views

Fedora: Security Advisory for apache-commons-modeler (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Rows per page
Query Builder