cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-50780,https://securityvulnerability.io/vulnerability/CVE-2023-50780,Arbitrary File Write Vulnerability in ActiveMQ Artemis Could Lead to RCE,"The vulnerability in Apache ActiveMQ Artemis originates from the unauthorized exposure of diagnostic information and control mechanisms through MBeans, particularly accessible via the authenticated Jolokia endpoint. Prior to version 2.29.0, the Log4J2 MBean was also part of this exposure, which is not intended for non-administrative user access. An authenticated attacker can leverage this situation to write arbitrary files to the filesystem, paving the way for potential remote code execution. It is strongly recommended that users upgrade to version 2.29.0 or later to mitigate this risk.",Apache,Apache ActiveMQ Artemis,8.8,HIGH,0.0006500000017695129,false,,false,false,true,2024-12-18T07:07:24.000Z,true,false,false,,2024-10-14T16:03:38.321Z,0
CVE-2022-35278,https://securityvulnerability.io/vulnerability/CVE-2022-35278,HTML Injection in ActiveMQ Artemis Web Console,"In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.",Apache,Apache ActiveMQ Artemis,6.1,MEDIUM,0.0029100000392645597,false,,false,false,false,,,false,false,,2022-08-23T00:00:00.000Z,0
CVE-2022-23913,https://securityvulnerability.io/vulnerability/CVE-2022-23913,Apache ActiveMQ Artemis DoS,"In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.",Apache,Apache ActiveMQ Artemis,7.5,HIGH,0.0013599999947473407,false,,false,false,false,,,false,false,,2022-02-04T22:33:01.000Z,0
CVE-2021-26118,https://securityvulnerability.io/vulnerability/CVE-2021-26118,Flaw in ActiveMQ Artemis OpenWire support,While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.,Apache,Apache ActiveMQ Artemis,7.5,HIGH,0.0023300000466406345,false,,false,false,false,,,false,false,,2021-01-27T18:55:13.000Z,0
CVE-2020-13932,https://securityvulnerability.io/vulnerability/CVE-2020-13932,,"In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.",Apache,Apache ActiveMQ Artemis,6.1,MEDIUM,0.005400000140070915,false,,false,false,false,,,false,false,,2020-07-20T21:08:34.000Z,0
CVE-2016-4978,https://securityvulnerability.io/vulnerability/CVE-2016-4978,,"The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.",Apache,ActiveMQ Artemis,7.2,HIGH,0.01157000008970499,false,,false,false,false,,,false,false,,2016-09-27T15:00:00.000Z,0