CVE-2021-26117
- EPSS 11.24%
- Veröffentlicht 27.01.2021 19:15:13
- Zuletzt bearbeitet 15.06.2026 13:03:40
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is...
CVE-2021-26118
- EPSS 4.01%
- Veröffentlicht 27.01.2021 19:15:13
- Zuletzt bearbeitet 15.06.2026 13:03:40
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not ...
CVE-2020-13932
- EPSS 4.31%
- Veröffentlicht 20.07.2020 22:15:11
- Zuletzt bearbeitet 15.06.2026 13:03:40
In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is tri...
CVE-2020-10727
- EPSS 0.69%
- Veröffentlicht 26.06.2020 16:15:12
- Zuletzt bearbeitet 15.06.2026 13:03:40
A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user inadvertently stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation....
CVE-2017-12174
- EPSS 5.97%
- Veröffentlicht 07.03.2018 22:29:00
- Zuletzt bearbeitet 15.06.2026 13:03:40
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutO...
CVE-2016-4978
- EPSS 6.92%
- Veröffentlicht 27.09.2016 15:59:01
- Zuletzt bearbeitet 15.06.2026 13:03:40
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages t...