Rapid7 Vulnerability & Exploit Database

ApacheMQ: CVE-2024-32114: Insecure Default Initialization of Resource

Severity: 8
CVSS: (AV:A/AC:L/Au:N/C:C/I:N/A:C)
Published: 05/02/2024
Created: 08/22/2024
Added: 08/20/2024
Modified: 08/22/2024

Description

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). As a result, anyone can use these layers without authentication: potentially, anyone can interact with the broker (using the Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API). This issue is being tracked as AMQ-9477.

Solution(s)

  • apache-activemq-cve-2024-32114
