Activemq@* Security Vulnerabilities and Issues — Activemq@* CVE List

Lucene search

ApacheActivemq*

4 matches found

CVE•added 2020/11/16 9:15 p.m.•341 views

CVE-2020-26217

XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is ...

9.3CVSS8.2AI score0.93566EPSS

CVE•added 2020/05/14 5:15 p.m.•149 views

CVE-2020-1941

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

6.1CVSS6AI score0.04424EPSS

CVE•added 2020/09/10 7:15 p.m.•142 views

CVE-2020-13920

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to pr...

5.9CVSS5.8AI score0.00282EPSS

CVE•added 2020/09/10 7:15 p.m.•95 views

CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/...

9.8CVSS9.6AI score0.16601EPSS