Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Activemq
(Apache)| Repositories | https://github.com/apache/activemq |
| #Vulnerabilities | 63 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-03-23 | CVE-2021-21344 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have... | Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Mysql_server, Retail_xstore_point_of_service, Webcenter_portal, Xstream | 9.8 | ||
| 2021-03-23 | CVE-2021-21345 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will... | Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Peoplesoft_enterprise_peopletools, Retail_xstore_point_of_service, Webcenter_portal, Xstream | 9.9 | ||
| 2021-03-23 | CVE-2021-21347 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have... | Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server, Xstream | 9.8 | ||
| 2021-03-23 | CVE-2021-21348 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Mysql_server, Retail_xstore_point_of_service, Webcenter_portal, Xstream | 7.5 | ||
| 2021-03-23 | CVE-2021-21349 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security... | Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Graalvm, Java_se, Retail_xstore_point_of_service, Webcenter_portal, Xstream | 8.6 | ||
| 2021-03-23 | CVE-2021-21350 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. | Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Retail_xstore_point_of_service, Webcenter_portal, Weblogic_server, Xstream | 9.8 | ||
| 2021-03-23 | CVE-2021-21351 | XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to... | Activemq, Jmeter, Debian_linux, Fedora, Oncommand_insight, Banking_enterprise_default_management, Banking_platform, Banking_virtual_account_management, Business_activity_monitoring, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_policy_management, Communications_unified_inventory_management, Mysql_server, Retail_xstore_point_of_service, Webcenter_portal, Xstream | 9.1 | ||
| 2023-10-27 | CVE-2023-46604 | The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or... | Activemq, Activemq_legacy_openwire_module, Debian_linux, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services_proxy, Santricity_storage_plugin | 9.8 | ||
| 2024-05-02 | CVE-2024-32114 | In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API). To mitigate, users can update the default conf/jetty.xml configuration file to add... | Activemq | 8.8 | ||
| 2016-06-01 | CVE-2016-3088 | The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | Activemq | 9.8 |