apache activemq vulnerabilities and exploits
5
CVSSv2
CVE-2014-3576
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ prior to 5.11.0 allows remote malicious users to cause a denial of service (shutdown) via a shutdown command.
Apache Activemq
Oracle Business Intelligence Publisher 12.2.1.0.0
Oracle Fusion Middleware 11.1.1.7.4
Oracle Fusion Middleware 9.0
Oracle Fusion Middleware 12.1.3.0.0
Oracle Fusion Middleware 8.1
5.8
CVSSv2
CVE-2018-11775
TLS hostname verification was missing when using the Apache ActiveMQ Client prior to 5.15.6, which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
Apache Activemq
Oracle Flexcube Private Banking 2.2.0.1
Oracle Enterprise Repository 12.1.3.0.0
Oracle Flexcube Private Banking 2.0.0.0
Oracle Flexcube Private Banking 12.0.1.0
Oracle Flexcube Private Banking 12.0.3.0
Oracle Flexcube Private Banking 12.1.0.0
1 Github repository
6.8
CVSSv2
CVE-2020-11969
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache T...
Apache Tomee 7.0.0
Apache Tomee 8.0.0
Apache Tomee
7.5
CVSSv2
CVE-2020-11998
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/doc...
Apache Activemq 5.15.12
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager
Oracle Communications Session Route Manager
Oracle Communications Session Report Manager
1 Github repository
6.8
CVSSv2
CVE-2020-13931
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addr...
Apache Tomee 7.0.0
Apache Tomee 8.0.0
Apache Tomee
5
CVSSv2
CVE-2018-1310
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache Ni...
Apache Nifi
5
CVSSv2
CVE-2019-0222
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory exception, making it unresponsive.
Apache Activemq
Netapp E-series Santricity Web Services
Oracle Enterprise Repository 12.1.3.0.0
Oracle Enterprise Manager Base Platform 13.2.0.0.0
Oracle Enterprise Manager Base Platform 12.1.0.5.0
Oracle Enterprise Manager Base Platform 13.3.0.0.0
Oracle Goldengate Stream Analytics
Oracle Identity Manager Connector 9.0
Oracle Communications Diameter Signaling Router 8.2.1
Oracle Communications Diameter Signaling Router 8.0.0
Oracle Communications Diameter Signaling Router 8.1
Oracle Communications Diameter Signaling Router 8.2
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2020-1941
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
Apache Activemq
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Element Manager 8.1.1
Oracle Communications Diameter Signaling Router
Oracle Communications Session Report Manager 8.1.1
Oracle Communications Session Report Manager 8.2.0
Oracle Communications Session Report Manager 8.2.1
Oracle Communications Session Route Manager 8.1.1
Oracle Communications Session Route Manager 8.2.0
Oracle Communications Session Route Manager 8.2.1
5
CVSSv2
CVE-2014-7816
Directory traversal vulnerability in JBoss Undertow 1.0.x prior to 1.0.17, 1.1.x prior to 1.1.0.CR5, and 1.2.x prior to 1.2.0.Beta3, when running on Windows, allows remote malicious users to read arbitrary files via a .. (dot dot) in a resource URI.
Redhat Undertow
NA
CVE-2024-32114
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with th...