Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache activemq vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32114
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with th...
8.8
CVSSv3
CVE-2022-41678
Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to cr...
Apache Activemq
9.8
CVSSv3
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire...
Apache Activemq
Apache Activemq Legacy Openwire Module
25 Github repositories
1 Article
9.8
CVSSv3
CVE-2023-1140
Delta Electronics InfraSuite Device Master versions before 1.0.5 contain a vulnerability that could allow an malicious user to achieve unauthenticated remote code execution in the context of an administrator.
Deltaww Infrasuite Device Master
9.8
CVSSv3
CVE-2023-1133
Delta Electronics InfraSuite Device Master versions before 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated mal...
Deltaww Infrasuite Device Master
5.3
CVSSv3
CVE-2021-4040
A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an malicious user to partially disrupt availability to the broker through a sustained attack of maliciously crafted...
Redhat Amq Broker
Apache Activemq Artemis
6.1
CVSSv3
CVE-2022-35278
In Apache ActiveMQ Artemis before 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.
Apache Activemq Artemis
Netapp Oncommand Workflow Automation -
Netapp Active Iq Unified Manager -
7.5
CVSSv3
CVE-2022-23913
In Apache ActiveMQ Artemis before 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.
Apache Activemq Artemis
Netapp Oncommand Workflow Automation -
Netapp Active Iq Unified Manager -
6.1
CVSSv3
CVE-2020-13947
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 up to and including 5.16.0.
Apache Activemq
Oracle Communications Session Route Manager
Oracle Communications Session Report Manager
7.5
CVSSv3
CVE-2021-26117
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users ...
Apache Activemq
Apache Activemq Artemis
Netapp Oncommand Workflow Automation -
Debian Debian Linux 9.0
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Communications Session Report Manager
Oracle Communications Element Manager
Oracle Communications Session Route Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2024-20360
CVE-2021-47559
XXE
CVE-2024-5229
CVE-2021-47543
CVE-2021-47571
SSTI
CVE-2024-4978
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »