Article - CS404351
Security vulnerability identified in Apache ActiveMQ - CVE-2023-46604
Modified: 08-Nov-2023
Applies To
- Axeda - Platform All
Description
- CVSS 3.1 Score: 10.0 Critical
- CVSS 3.1 Vector String: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
- CWE: Deserialization of Untrusted Data, CWE-502
- Apache ActiveMQ is vulnerable to Remote Code Execution
- The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath
- Common Vulnerabilities and Exposures: CVE-2023-46604 has been assigned to this vulnerability
This is a printer-friendly version of Article 404351 and may be out of date. For the latest version click CS404351