Security News > 2023 > November > New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar
2023-11-15 13:49

Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6,


News URL

https://thehackernews.com/2023/11/new-poc-exploit-for-apache-activemq.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-46604 Deserialization of Untrusted Data vulnerability in multiple products
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache debian netapp CWE-502
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 544 711 366 1634