Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Activemq Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2014-3600

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

9.8CVSS

9.3AI Score

0.008EPSS

2017-10-27 07:29 PM
101
cve
cve

CVE-2015-5254

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

9.8CVSS

8.7AI Score

0.036EPSS

2016-01-08 07:59 PM
140
2
cve
cve

CVE-2016-3088

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

9.8CVSS

9.7AI Score

0.967EPSS

2016-06-01 08:59 PM
954
In Wild
9
cve
cve

CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/...

9.8CVSS

9.6AI Score

0.007EPSS

2020-09-10 07:15 PM
65
5