Vulnerabilities > Apache > ActiveMQ Artemis > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-10-14 | CVE-2023-50780 | Unspecified vulnerability in Apache ActiveMQ Artemis | Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. | network | low complexity | apache | | 8.8 |
| 2022-02-04 | CVE-2022-23913 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. | network | low complexity | apache netapp | CWE-770 | 7.5 |
| 2021-01-27 | CVE-2021-26118 | | While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. | network | low complexity | apache netapp | | 7.5 |
| 2021-01-27 | CVE-2021-26117 | Improper Authentication vulnerability in multiple products | The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. | network | low complexity | apache netapp debian oracle | CWE-287 | 7.5 |
| 2018-03-07 | CVE-2017-12174 | Resource Exhaustion vulnerability in multiple products | It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. | network | low complexity | apache redhat | CWE-400 | 7.5 |
| 2016-09-27 | CVE-2016-4978 | Deserialization of Untrusted Data vulnerability in multiple products | The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath. | network | low complexity | apache redhat | CWE-502 | 7.2 |