Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache activemq vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-26118
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in e...
Apache Activemq Artemis 2.15.0
Netapp Oncommand Workflow Automation -
9.8
CVSSv3
CVE-2020-13931
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addr...
Apache Tomee 7.0.0
Apache Tomee 8.0.0
Apache Tomee
8.8
CVSSv3
CVE-2020-26217
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote malicious user to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Se...
Xstream Project Xstream
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Snapmanager
Netapp Snapmanager -
Apache Activemq 5.15.4
Oracle Banking Platform 2.4.0
Oracle Communications Policy Management 12.5.0
Oracle Banking Platform 2.7.1
Oracle Banking Platform 2.9.0
Oracle Banking Virtual Account Management 14.3.0
Oracle Business Activity Monitoring 12.2.1.3.0
Oracle Business Activity Monitoring 11.1.1.9.0
Oracle Business Activity Monitoring 12.2.1.4.0
Oracle Retail Xstore Point Of Service 16.0.6
Oracle Retail Xstore Point Of Service 17.0.4
Oracle Retail Xstore Point Of Service 18.0.3
Oracle Retail Xstore Point Of Service 19.0.2
Oracle Banking Virtual Account Management 14.2.0
Oracle Banking Virtual Account Management 14.5.0
Oracle Banking Cash Management 14.2
Oracle Banking Cash Management 14.3
6 Github repositories
9.8
CVSSv3
CVE-2020-11998
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/doc...
Apache Activemq 5.15.12
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager
Oracle Communications Session Route Manager
Oracle Communications Session Report Manager
1 Github repository
5.9
CVSSv3
CVE-2020-13920
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker...
Apache Activemq
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Communications Diameter Signaling Router
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2020-13932
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plu...
Apache Activemq Artemis
5.5
CVSSv3
CVE-2020-10727
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local attacker can use this...
Apache Activemq Artemis
Netapp Oncommand Workflow Automation -
9.8
CVSSv3
CVE-2020-11969
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache T...
Apache Tomee 7.0.0
Apache Tomee 8.0.0
Apache Tomee
6.1
CVSSv3
CVE-2020-1941
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
Apache Activemq
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Element Manager 8.1.1
Oracle Communications Diameter Signaling Router
Oracle Communications Session Report Manager 8.1.1
Oracle Communications Session Report Manager 8.2.0
Oracle Communications Session Report Manager 8.2.1
Oracle Communications Session Route Manager 8.1.1
Oracle Communications Session Route Manager 8.2.0
Oracle Communications Session Route Manager 8.2.1
5.9
CVSSv3
CVE-2019-0201
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string...
Apache Zookeeper 3.5.3
Apache Zookeeper 3.5.0
Apache Zookeeper
Apache Zookeeper 3.5.1
Apache Zookeeper 3.5.2
Apache Zookeeper 3.5.4
Apache Drill 1.16.0
Apache Activemq 5.15.9
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Fuse 1.0.0
Oracle Goldengate Stream Analytics
Oracle Siebel Core - Server Framework
Oracle Timesten In-memory Database
Netapp Hci Bootstrap Os -
Netapp Element Software -
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »