ActiveMQ OpenWire RCE (CVE-2023-46604)

Description

ActiveMQ has an OpenWire-protocol broker on TCP port 61616. It allows unauthenticated attackers to manipulate serialized class types leading to arbitrary code execution.

Remediation

Upgrade to the latest version of ActiveMQ

References

Update on CVE-2023-46604

Related Vulnerabilities

WordPress Plugin Otter-Gutenberg Blocks-Page Builder for Gutenberg Editor & FSE PHAR Deserialization (2.2.5)

RCE with Spring Data Commons

Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more PHAR Deserialization (2.9.8.5)

ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)

Severity

Critical

Classification

CVE-2023-46604 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H