Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
690
VMScore

CVE-2020-13920

CVSSv4: NA | CVSSv3: 5.9 | CVSSv2: 4.3 | VMScore: 690 | EPSS: 0.00225 | KEV: Not Included
Published: 10/09/2020 Updated: 21/11/2024

Vulnerability Summary

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache activemq

oracle communications diameter signaling router

oracle flexcube private banking 12.0.0

oracle flexcube private banking 12.1.0

debian debian linux 9.0

Mailing Lists

Full Disclosure: [CVE-2020-13920] ActiveMQ JMX vulenarable to MITM attack
CVE-2020-13920: Apache ActiveMQ JMX is vulnerable to a MITM attack Severity: Moderate Vendor: The Apache Software Foundation Affected Version: Apache ActiveMQ version prior to 51512 Vulnerability details: Apache ActiveMQ uses LocateRegistrycreateRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry It is possi ...

References

CWE-306https://nvd.nist.govhttp://seclists.org/oss-sec/2020/q3/167https://www.first.org/epsshttp://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txthttps://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2020/10/msg00013.htmlhttps://lists.debian.org/debian-lts-announce/2023/11/msg00013.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttp://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txthttps://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2020/10/msg00013.htmlhttps://lists.debian.org/debian-lts-announce/2023/11/msg00013.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.html
Preferred Score:
VMScore
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-2538CVE-2025-24813CVE-2024-57440CVE-2024-48591kube-apiserverCVE-2025-20014universal traffic recorder appCVE-2025-2557rediscode-projectsspoofbypasslocal
Home
/
Search Results
/
CVE-2020-13920
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook