Vulnerabilities > Apache > Activemq Artemis

DATE CVE VULNERABILITY TITLE RISK
2024-10-14 CVE-2023-50780 Unspecified vulnerability in Apache Activemq Artemis
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint.
network
low complexity
apache
8.8
2022-08-24 CVE-2021-4040 Out-of-bounds Write vulnerability in multiple products
A flaw was found in AMQ Broker.
network
low complexity
redhat apache CWE-787
5.3
2022-08-23 CVE-2022-35278 Cross-site Scripting vulnerability in multiple products
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
network
low complexity
apache netapp CWE-79
6.1
2022-02-04 CVE-2022-23913 In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
network
low complexity
apache netapp
7.5
2021-01-27 CVE-2021-26118 While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session.
network
low complexity
apache netapp
7.5
2021-01-27 CVE-2021-26117 Improper Authentication vulnerability in multiple products
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server.
network
low complexity
apache netapp debian oracle CWE-287
7.5
2020-07-20 CVE-2020-13932 Cross-site Scripting vulnerability in Apache Activemq Artemis
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability.
network
low complexity
apache CWE-79
6.1
2020-06-26 CVE-2020-10727 Insufficiently Protected Credentials vulnerability in multiple products
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation.
local
low complexity
apache netapp CWE-522
5.5
2018-03-07 CVE-2017-12174 It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message.
network
low complexity
apache redhat
7.5
2016-09-27 CVE-2016-4978 Deserialization of Untrusted Data vulnerability in multiple products
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
network
low complexity
apache redhat CWE-502
7.2