CVE-2023-46604
ADVISORY - githubSummary
Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
EPSS Score: 0.94436 (1.000)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Deserialization of Untrusted Data
ADVISORY - github
Deserialization of Untrusted Data
ADVISORY - gitlab
ADVISORY - redhat
Deserialization of Untrusted Data
NIST
CREATED
UPDATED
ADVISORY IDCVE-2023-46604
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
10criticalGitHub
CREATED
UPDATED
ADVISORY IDGHSA-crg9-44h2-xw35
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
10criticalDebian
CREATED
UPDATED
ADVISORY IDCVE-2023-46604
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2023-46604
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
9.8highBitnami
CREATED
UPDATED
ADVISORY ID
BIT-activemq-2023-46604
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AcriticalRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2023-46604
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
9.8criticalintheWild
CREATED
UPDATED
ADVISORY IDCVE-2023-46604
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CISA
CREATED
UPDATED
ADVISORY ID
CVE-2023-46604
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-