Rapid7 Vulnerability & Exploit Database

Debian: CVE-2021-26117: activemq -- security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 01/27/2021
Created: 03/09/2021
Added: 03/08/2021
Modified: 03/08/2021

Description

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is mistakenly used to verify a valid user's password, resulting in no check on the password.

Solution(s)

  • debian-upgrade-activemq
