Published: 15/06/2020 Updated: 22/06/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache TomEE could allow a remote malicious user to bypass security restrictions, caused by a flaw when the embedded ActiveMQ broker is used. By sending a specially-crafted request using the useJMX=true parameter, an attacker could exploit this vulnerability to cause the JMX port to be open.

Vulnerable Product

apache tomee

apache tomee 7.0.0

apache tomee 8.0.0

Mailing Lists

CVE-2020-11969: Apache TomEE - useJMX attribute on ActiveMQ resource adapter URI causes authenticated JMX port to be open

Severity: High

Vendor: The Apache Software Foundation

Versions Affected:
Apache TomEE 8.0.0-M1 - 8.0.1
Apache TomEE 7.1.0 - 7.1.2
Apache TomEE 7.0.0-M1 - 7.0.7
Apache TomEE 1.0.0 - 1.7.5

Description: If Apache TomEE is confi ...