发布时间: 2023年11月3日
修改时间: 2023年11月3日
Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 10.0 | 10.0 |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Changed | Changed |
| Confidentiality | Low | Low |
| Integrity | High | High |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1923 | activemq security update | 2023年11月3日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | activemq | Fixed |
| KY3.4-5A | activemq | Fixed |
| KY3.5.1 | activemq | Fixed |
| KY3.5.2 | activemq | Fixed |
