Apache

Activemq

58 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-41678

Medienbericht
  • EPSS 93.14%
  • Veröffentlicht 28.11.2023 16:15:06
  • Zuletzt bearbeitet 03.11.2025 22:16:00

Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandle...

9.8

CVE-2023-46604

Warnung Medienbericht Exploit
  • EPSS 94.44%
  • Veröffentlicht 27.10.2023 15:15:14
  • Zuletzt bearbeitet 04.11.2025 16:41:16

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating seria...

9.8

CVE-2021-21350

Exploit
  • EPSS 8.76%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:43:08

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is a...

9.8

CVE-2021-21347

Exploit
  • EPSS 3.29%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:41:49

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

7.8

CVE-2021-21348

  • EPSS 0.26%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:42:08

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is aff...

8.6

CVE-2021-21349

Exploit
  • EPSS 6.75%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:42:48

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipul...

9.1

CVE-2021-21351

Exploit
  • EPSS 92%
  • Veröffentlicht 23.03.2021 00:15:13
  • Zuletzt bearbeitet 23.05.2025 17:34:20

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed inpu...

9.8

CVE-2021-21346

Exploit
  • EPSS 3.67%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:41:29

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...

9.9

CVE-2021-21345

Exploit
  • EPSS 88.09%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:41:10

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the proc...

9.8

CVE-2021-21344

Exploit
  • EPSS 30.6%
  • Veröffentlicht 23.03.2021 00:15:12
  • Zuletzt bearbeitet 23.05.2025 17:40:53

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processe...