Summary

Acunetix 360 detected ActiveMQ Remote Code Execution (CVE-2023-46604) on the target server. ActiveMQ has an OpenWire-protocol broken on TCP port 61616. It allows unauthenticated attackers to manipulate serialized class types leading to arbitrary code execution.

Impact

An attacker can exploit this vulnerability to run arbitrary code.

Actions To Take

Upgrade to the fixed or newer versions of ActiveMQ. Fixed versions are listed below:

  • 5.15.16
  • 5.16.7
  • 5.17.6
  • 5.18.3
  • 6.0.0

Severity

Critical

Classification

PCI v3.2-6.5.1 CAPEC-242 CWE-94 HIPAA-164.306(a) 164.308(a) ISO27001-A.14.2.5 OWASP 2013-A1 OWASP 2017-A1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H