CVE-2020-13932
- EPSS 2.55%
- Veröffentlicht 20.07.2020 22:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:10
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is tri...
CVE-2020-10727
- EPSS 0.08%
- Veröffentlicht 26.06.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 04:55:56
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation....
CVE-2017-12174
- EPSS 7.41%
- Veröffentlicht 07.03.2018 22:29:00
- Zuletzt bearbeitet 21.11.2024 03:08:59
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutO...
CVE-2016-4978
- EPSS 1.08%
- Veröffentlicht 27.09.2016 15:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages t...