This vulnerability allows remote malicious users to execute arbitrary code on affected installations of Delta Electronics InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Apache ActiveMQ broker, which listens on TCP port 61616 by default. The issue results from the use of a vulnerable version of Apache ActiveMQ. An attacker can leverage this vulnerability to execute code in the context of the service account.
Vulnerable Product |
---|
apache activemq |
apache activemq legacy openwire module |
Over a week later and barely any patches for the 10/10 vulnerability have been applied
Security researchers have confirmed that ransomware criminals are capitalizing on a maximum-severity vulnerability in Apache ActiveMQ. Announced on October 25 and tracked as CVE-2023-46604, the insecure deserialization vulnerability allows for remote code execution (RCE) on affected versions. "Apache ActiveMQ is vulnerable to remote code execution," Apache said in its advisory. "The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manip...