Vulnerabilities > Apache > Activemq > 5.15.14

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2022-41678 Deserialization of Untrusted Data vulnerability in Apache ActiveMQ
Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject.
network
low complexity
apache CWE-502
8.8
2023-10-27 CVE-2023-46604 Deserialization of Untrusted Data vulnerability in Apache ActiveMQ
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache CWE-502
critical
9.8