Security News > 2023 > November > New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar
2023-11-15 13:49
Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 (CVSS score: 10.0), the vulnerability is a remote code execution bug that could permit a threat actor to run arbitrary shell commands. It was patched by Apache in ActiveMQ versions 5.15.16, 5.16.7, 5.17.6,
News URL
https://thehackernews.com/2023/11/new-poc-exploit-for-apache-activemq.html
Related news
- Citrix urges 'immediate; patch for critical NetScaler bug as exploit POC made public (source)
- Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities (source)
- Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits (source)
- Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits (source)
- Week in review: LockBit exploits Citrix Bleed, Apache ActiveMQ bug exploited for cryptojacking (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-27 | CVE-2023-46604 | Deserialization of Untrusted Data vulnerability in Apache Activemq The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. | 9.8 |