Vulnerabilities > Apache > Activemq > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-46604 The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution.
network
low complexity
apache debian netapp
critical
9.8
2020-09-10 CVE-2020-11998 A regression has been introduced in the commit preventing JMX re-bind.
network
low complexity
apache oracle
critical
9.8
2017-10-27 CVE-2014-3600 XXE vulnerability in Apache Activemq
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
network
low complexity
apache CWE-611
critical
9.8
2016-06-01 CVE-2016-3088 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Activemq
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
network
low complexity
apache CWE-434
critical
9.8
2016-01-08 CVE-2015-5254 Improper Input Validation vulnerability in multiple products
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
network
low complexity
redhat apache fedoraproject CWE-20
critical
9.8