vulnerability
Ubuntu: (Multiple Advisories) (CVE-2023-46604): Apache ActiveMQ vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:P/I:C/A:C) | Oct 27, 2023 | Jul 24, 2024 | Nov 25, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:P/I:C/A:C)
Published
Oct 27, 2023
Added
Jul 24, 2024
Modified
Nov 25, 2025
Description
The Java OpenWire protocol marshaller is vulnerable to Remote Code
Execution. This vulnerability may allow a remote attacker with network
access to either a Java-based OpenWire broker or client to run arbitrary
shell commands by manipulating serialized class types in the OpenWire
protocol to cause either the client or the broker (respectively) to
instantiate any class on the classpath.
Users are recommended to upgrade
both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3
which fixes this issue.
Solutions
ubuntu-pro-upgrade-activemqubuntu-pro-upgrade-libactivemq-java
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.