Vulnerabilities > CVE-2023-46604 - Deserialization of Untrusted Data vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Related news
- HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks (source)
- Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims (source)
- TellYouThePass ransomware joins Apache ActiveMQ RCE attacks (source)
- Experts Warn of Ransomware Hackers Exploiting Atlassian and Apache Flaws (source)
- New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar (source)
- Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits (source)
- Apache ActiveMQ bug exploited to deliver Kinsing malware (source)
- GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability (source)
References
- https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
- https://security.netapp.com/advisory/ntap-20231110-0010/
- https://www.openwall.com/lists/oss-security/2023/10/27/5
- https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html
- https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2024/Apr/18