9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.8%
activemq is vulnerable to Remote Code Execution. The vulnerability is due to BaseDataStreamMarshaller.java
as there is no class validation and does not verify that the loaded class is a valid Throwable
. This allows an attacker to manipulate serialized class types within the OpenWire protocol, potentially leads to the broker creating an instances of any class available on the system’s classpath, which can result in Remote Code Execution.
packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
seclists.org/fulldisclosure/2024/Apr/18
www.openwall.com/lists/oss-security/2023/10/27/5
activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
github.com/advisories/GHSA-crg9-44h2-xw35
github.com/apache/activemq/commit/3eaf3107f4fb9a3ce7ab45c175bfaeac7e866d5b
github.com/apache/activemq/pull/1098
lists.debian.org/debian-lts-announce/2023/11/msg00013.html
packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
security.netapp.com/advisory/ntap-20231110-0010/
www.openwall.com/lists/oss-security/2023/10/27/5
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.973 High
EPSS
Percentile
99.8%