Published: 15/06/2020 Updated: 22/06/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache TomEE could allow a remote malicious user to bypass security restrictions, caused by a flaw when the embedded ActiveMQ broker is used. By sending a specially-crafted request using the the useJMX=true parameter, an attacker could exploit this vulnerability to cause the JMX port to be open.

Vulnerability Trend

Mailing Lists

CVE-2020-11969: Apache TomEE - useJMX attribute on ActiveMQ resource adapter URI causes authenticated JMX port to be open Severity: High Vendor: The Apache Software Foundation Versions Affected: Apache TomEE 800-M1 - 801 Apache TomEE 710 - 712 Apache TomEE 700-M1 - 707 Apache TomEE 100 - 175 Description: If Apache TomEE is confi ...