Vulnerabilities > Apache > Activemq

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2022-41678 Deserialization of Untrusted Data vulnerability in Apache Activemq
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject.
network
low complexity
apache CWE-502
8.8
2023-10-27 CVE-2023-46604 Deserialization of Untrusted Data vulnerability in Apache Activemq
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache CWE-502
critical
9.8
2021-02-08 CVE-2020-13947 Cross-site Scripting vulnerability in multiple products
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.
network
low complexity
apache oracle CWE-79
6.1
2021-01-27 CVE-2021-26117 Improper Authentication vulnerability in multiple products
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server.
network
low complexity
apache netapp debian oracle CWE-287
7.5
2020-11-16 CVE-2020-26217 OS Command Injection vulnerability in multiple products
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.
network
low complexity
xstream-project debian netapp apache oracle CWE-78
8.8
2020-09-10 CVE-2020-13920 Missing Authentication for Critical Function vulnerability in multiple products
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry.
network
high complexity
apache oracle debian CWE-306
5.9
2020-09-10 CVE-2020-11998 A regression has been introduced in the commit preventing JMX re-bind.
network
low complexity
apache oracle
critical
9.8
2020-05-14 CVE-2020-1941 Cross-site Scripting vulnerability in multiple products
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
network
low complexity
apache oracle CWE-79
6.1
2019-08-01 CVE-2015-7559 Improper Input Validation vulnerability in multiple products
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class.
network
low complexity
apache redhat CWE-20
2.7
2019-05-23 CVE-2019-0201 Missing Authorization vulnerability in multiple products
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta.
network
high complexity
apache debian redhat oracle netapp CWE-862
5.9