CVE Vulnerabilities

CVE-2020-11998

Published: Sep 10, 2020 | Modified: Nov 07, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code. Mitigation: Upgrade to Apache ActiveMQ 5.15.13

Affected Software

Name Vendor Start Version End Version
Activemq Apache 5.15.12 (including) 5.15.12 (including)
Activemq Ubuntu bionic *
Activemq Ubuntu groovy *
Activemq Ubuntu hirsute *
Activemq Ubuntu impish *
Activemq Ubuntu kinetic *
Activemq Ubuntu lunar *
Activemq Ubuntu mantic *
Activemq Ubuntu trusty *
Activemq Ubuntu xenial *

References