7 matches found

CVE
added 2022/02/04 10:33 p.m., 316 views

CVE-2022-23913

CVE-2022-23913 affects Apache ActiveMQ Artemis, specifically versions prior to 2.20.0 or 2.19.1. The issue allows an attacker to partially disrupt availability (DoS) through uncontrolled memory/resource consumption. This conclusion is drawn from the CVE entry and the IBM security bulletin that li...

CVSS 7.5, AI score 8.4, EPSS 0.02718

CVE
added 2021/01/27 12:0 a.m., 205 views

CVE-2021-26117

CVE-2021-26117 describes an LDAP authentication weakness in the optional ActiveMQ LDAP login module where anonymous access can bypass password verification. Connected sources confirm affected lines: Apache ActiveMQ Artemis prior to 2.16.0 and Apache ActiveMQ prior to 5.16.1 and 5.15.14. Debian/Ub...

CVSS 7.5, AI score 7.5, EPSS 0.11239

CVE
added 2018/03/07 10:0 p.m., 157 views

CVE-2017-12174

CVE-2017-12174 affects Artemis and HornetQ when configured with UDP discovery and JGroups discovery; a huge byte array is created upon receiving an unexpected multicast message, leading to heap memory exhaustion, full GC, or OutOfMemoryError. The OSV/Nessus Red Hat advisories summarize this as pa...

CVSS 7.8, AI score 7.4, EPSS 0.05966

CVE
added 2022/08/23 12:0 a.m., 154 views

CVE-2022-35278

CVE-2022-35278 affects Apache ActiveMQ Artemis before 2.24.0, where HTML in the name of an address/queue can inject HTML into the web console, potentially showing malicious content or redirecting users. Red Hat AMQ Broker advisories confirm a fix in 2.24.0+ (and related advisories list the CVE). ...

CVSS 6.1, AI score 6.2, EPSS 0.01413

CVE
added 2016/09/27 3:0 p.m., 141 views

CVE-2016-4978

CVE-2016-4978 affects Apache ActiveMQ Artemis (JMS ObjectMessage getObject) where deserialization of untrusted input can occur via gadget classes on Artemis classpath. Affected components include the JMS Core client, Artemis broker, and Artemis REST component in Artemis before 1.4.0. Successful e...

CVSS 7.2, AI score 7.5, EPSS 0.06924

CVE
added 2022/08/24 3:13 p.m., 98 views

CVE-2021-4040

CVE-2021-4040 affects AMQ Broker / Red Hat AMQ Broker where a malformed message can trigger an Out-of-Memory condition, partially disrupting availability. The issue is cited in multiple sources (e.g., GHSA advisory and RHSA-2022:5101) describing a partial DoS via OOM without full compromise. Red ...

CVSS 5.3, AI score 4.8, EPSS 0.02499

CVE
added 2024/10/14 4:3 p.m., 64 views

CVE-2023-50780

Apache ActiveMQ Artemis suffers a vulnerability where diagnostic MBeans (including the Log4J2 MBean) are exposed through the Jolokia endpoint, accessible to authenticated users. Before version 2.29.0 this exposure could allow an authenticated attacker to write arbitrary files to the filesystem an...

CVSS 8.8, AI score 8.6, EPSS 0.16539