Activemq

DATE	CVE	VULNERABILITY TITLE	RISK
2024-05-02	CVE-2024-32114	Unspecified vulnerability in Apache Activemq In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. network low complexity apache	8.8
2023-11-28	CVE-2022-41678	Unspecified vulnerability in Apache Activemq Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. network low complexity apache	8.8
2023-10-27	CVE-2023-46604	The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. network low complexity apache debian netapp critical	9.8
2021-03-23	CVE-2021-21351	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity netapp apache xstream debian fedoraproject oracle CWE-434 critical	9.1
2021-03-23	CVE-2021-21350	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity netapp apache xstream debian fedoraproject oracle CWE-434 critical	9.8
2021-03-23	CVE-2021-21349	Deserialization of Untrusted Data vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity netapp apache xstream debian fedoraproject oracle CWE-502	8.6
2021-03-23	CVE-2021-21348	Resource Exhaustion vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity netapp apache xstream debian fedoraproject oracle CWE-400	7.5
2021-03-23	CVE-2021-21347	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity netapp apache xstream debian fedoraproject oracle CWE-434 critical	9.8
2021-03-23	CVE-2021-21346	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity netapp apache xstream debian fedoraproject oracle CWE-434 critical	9.8
2021-03-23	CVE-2021-21345	OS Command Injection vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity netapp apache xstream debian fedoraproject oracle CWE-78 critical	9.9