Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
activemq vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2018-11775
TLS hostname verification when using the Apache ActiveMQ Client prior to 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
Apache Activemq
Oracle Flexcube Private Banking 2.2.0.1
Oracle Enterprise Repository 12.1.3.0.0
Oracle Flexcube Private Banking 2.0.0.0
Oracle Flexcube Private Banking 12.0.1.0
Oracle Flexcube Private Banking 12.0.3.0
Oracle Flexcube Private Banking 12.1.0.0
1 Github repository
7.5
CVSSv2
CVE-2020-11998
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/doc...
Apache Activemq 5.15.12
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager
Oracle Communications Session Route Manager
Oracle Communications Session Report Manager
1 Github repository
4.3
CVSSv2
CVE-2019-0201
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string...
Apache Zookeeper 3.5.3
Apache Zookeeper 3.5.0
Apache Zookeeper
Apache Zookeeper 3.5.1
Apache Zookeeper 3.5.2
Apache Zookeeper 3.5.4
Apache Drill 1.16.0
Apache Activemq 5.15.9
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Fuse 1.0.0
Oracle Goldengate Stream Analytics
Oracle Siebel Core - Server Framework
Oracle Timesten In-memory Database
Netapp Hci Bootstrap Os -
Netapp Element Software -
1 Article
5
CVSSv2
CVE-2019-0222
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
Apache Activemq
Netapp E-series Santricity Web Services -
Oracle Enterprise Repository 12.1.3.0.0
Oracle Enterprise Manager Base Platform 13.2.0.0.0
Oracle Enterprise Manager Base Platform 12.1.0.5.0
Oracle Enterprise Manager Base Platform 13.3.0.0.0
Oracle Goldengate Stream Analytics
Oracle Identity Manager Connector 9.0
Oracle Communications Diameter Signaling Router 8.2.1
Oracle Communications Diameter Signaling Router 8.0.0
Oracle Communications Diameter Signaling Router 8.1
Oracle Communications Diameter Signaling Router 8.2
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2020-1941
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
Apache Activemq
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Element Manager 8.1.1
Oracle Communications Diameter Signaling Router
Oracle Communications Session Report Manager 8.1.1
Oracle Communications Session Report Manager 8.2.0
Oracle Communications Session Report Manager 8.2.1
Oracle Communications Session Route Manager 8.1.1
Oracle Communications Session Route Manager 8.2.0
Oracle Communications Session Route Manager 8.2.1
5
CVSSv2
CVE-2013-5488
Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS), Cisco Security Manager, Cisco Unified Service Monitor, and Cisco Unified Operations Manager, does not properly interact with the ActiveMQ component, which allows remote malicious users to cause a denial ...
Cisco Unified Operations Manager -
Cisco Prime Lan Management Solution -
Cisco Unified Service Monitor -
Cisco Security Manager
5
CVSSv2
CVE-2014-7816
Directory traversal vulnerability in JBoss Undertow 1.0.x prior to 1.0.17, 1.1.x prior to 1.1.0.CR5, and 1.2.x prior to 1.2.0.Beta3, when running on Windows, allows remote malicious users to read arbitrary files via a .. (dot dot) in a resource URI.
Redhat Undertow
10
CVSSv2
CVE-2015-3435
Samsung Security Manager (SSM) prior to 1.31 allows remote malicious users to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.
Samsung Samsung Security Manager
6.8
CVSSv2
CVE-2020-11969
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache T...
Apache Tomee 7.0.0
Apache Tomee 8.0.0
Apache Tomee
5
CVSSv2
CVE-2018-1310
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache Ni...
Apache Nifi
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »