Vulnerabilities > Apache > Activemq > 5.5.1

DATE CVE VULNERABILITY TITLE RISK
2023-11-28 CVE-2022-41678 Deserialization of Untrusted Data vulnerability in Apache Activemq
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject.
network
low complexity
apache CWE-502
8.8
2023-10-27 CVE-2023-46604 Deserialization of Untrusted Data vulnerability in Apache Activemq
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache CWE-502
critical
9.8
2021-02-08 CVE-2020-13947 Cross-site Scripting vulnerability in multiple products
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.
network
low complexity
apache oracle CWE-79
6.1
2020-09-10 CVE-2020-13920 Missing Authentication for Critical Function vulnerability in multiple products
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry.
network
high complexity
apache oracle debian CWE-306
5.9
2020-05-14 CVE-2020-1941 Cross-site Scripting vulnerability in multiple products
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
network
low complexity
apache oracle CWE-79
6.1
2019-08-01 CVE-2015-7559 Improper Input Validation vulnerability in multiple products
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class.
network
low complexity
apache redhat CWE-20
2.7
2019-03-28 CVE-2019-0222 In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
network
low complexity
apache netapp oracle debian
7.5
2018-10-10 CVE-2018-8006 Cross-site Scripting vulnerability in Apache Activemq
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5.
network
low complexity
apache CWE-79
6.1
2018-09-10 CVE-2018-11775 Improper Certificate Validation vulnerability in multiple products
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server.
network
high complexity
apache oracle CWE-295
7.4
2018-01-10 CVE-2016-6810 Cross-site Scripting vulnerability in Apache Activemq
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console.
network
low complexity
apache CWE-79
6.1