39 matches found
EUVD-2026-25412
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...
CVE-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...
CVE-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...
CVE-2026-40466
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...
CVE-2026-40466
CVE-2026-40466 affects Apache ActiveMQ components (Broker, All, and ActiveMQ) with vulnerable versions prior to 5.19.6 and 6.0.0–6.2.4/6.2.5 before patch. The issue is due to improper input validation and code injection: an authenticated attacker can bypass CVE-34197 by adding a network connector...
Linux Distros Unpatched Vulnerability : CVE-2026-41044
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All...
Apache多款产品 输入验证错误漏洞
Apache ActiveMQ, among others, is a product of the Apache Foundation in the United States. Apache ActiveMQ is an open-source messaging middleware. Apache ActiveMQ Broker is a enterprise-level messaging proxy middleware that supports multiple protocols. Apache ActiveMQ All is a complete messaging...
Exploit for CVE-2026-34197
CVE-2026-34197 — Apache ActiveMQ Classic RCE via Jolokia API...
Apache ActiveMQ < 5.19.4 / 6.x < 6.2.3 Improper Input Validation Code Injection
The version of Apache ActiveMQ running on the remote host is prior to 5.19.4 or 6.x prior to 6.2.3. It is, therefore, affected by an improper input validation and code injection vulnerability: - ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ with a default access policy tha...
Exploit for CVE-2026-34197
CVE-2026-34197 — Apache ActiveMQ RCE vía Jolokia API Descr...
Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
UBUNTU-CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
CVE-2026-34197
The CVE-2026-34197 issue affects Apache ActiveMQ products (Broker, All, and Core) before 5.19.4 and before 6.2.3 (6.0.0–6.2.3 range). The root cause is improper input validation and insecure control of code generation via the Jolokia JMX-HTTP bridge, which can be abused to load a remote Spring XM...
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
CVE-2026-34197 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
Apache ActiveMQ 安全漏洞
Apache ActiveMQ Broker is an open source message broker and integration pattern server . A security vulnerability exists in Apache ActiveMQ Broker. The vulnerability stems from the Jolokia JMX-HTTP bridge default policy that allows exec operations on MBeans, which can be exploited by an attacker ...
CVE-2026-34197
Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...
cloud.altemista.fwk.integration:cloud-altemistafwk-core-integration-ws-conf (>=3.0.0.RELEASE <=3.0.1.RELEASE), com.antheminc.oss:nimbus-starter (>=1.3.0 <=1.3.2.M1) +520 more potentially affected by CVE-2019-3773 via org.springframework.ws:spring-xml (>=3.0.0.RELEASE <=3.0.5.RELEASE)
org.springframework.ws:spring-xml MAVEN version =3.0.0.RELEASE, =3.0.0.RELEASE, =1.3.0, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.2.1, =2.3.3 - com.coherentlogic.cmr.api:cmr-api-core =2.0.3-RELEASE - com.coherentlogic.cmr.api:cmr-api-core-boot =2.0.3-RELEASE -...
com.ahome-it:ahome-tooling-server-core (>=1.0.83-RC1 <=1.1.36-RELEASE), com.ahome-it:ahome-tooling-server-hazelcast (>=1.0.88-RC1 <=1.1.27-RELEASE) +684 more potentially affected by CVE-2019-3773 via org.springframework.ws:spring-xml (>=1.0-m2 <=2.4.3.RELEASE)
org.springframework.ws:spring-xml MAVEN version =1.0-m2, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.1.0-RELEASE, =1.0.83-RC1, =1.0.83-RC1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.2.0.M5 - com.coherentlogic.cmr.api:cmr-api-core =2.0.2.1-RELEASE - com.coherentlogic.cmr.api:cmr-api-core-bo...