exploitDog

bind:CVE-2020-11998

Count: 5

Source: ubuntu
CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13

CVSS3: 9.8
EPSS: 8% (Low)
Published: more than 5 years ago

Source: nvd
CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13

CVSS3: 9.8
EPSS: 8% (Low)
Published: more than 5 years ago

Source: debian
CVE-2020-11998

A regression has been introduced in the commit preventing JMX re-bind. ...

CVSS3: 9.8
EPSS: 8% (Low)
Published: more than 5 years ago

Source: github
GHSA-wqfh-9m4g-7x6x

Remote code execution in Apache ActiveMQ

CVSS3: 9.8
EPSS: 8% (Low)
Published: almost 4 years ago

Source: fstec
BDU:2021-00781

A vulnerability in the Apache ActiveMQ software platform, related to missing protection of service data, that allows an attacker to execute arbitrary code

CVSS3: 9.8
EPSS: 8% (Low)
Published: about 5 years ago
