Description

ActiveMQ has an OpenWire-protocol broker on TCP port 61616. It allows unauthenticated attackers to manipulate serialized class types leading to arbitrary code execution.

Remediation

Upgrade to the latest version of ActiveMQ

References

Update on CVE-2023-46604

Related Vulnerabilities

WordPress 5.3.x Multiple Vulnerabilities (5.3 - 5.3.4)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.19)

XML External Entity Injection via external file

Xdebug remote code execution via xdebug.remote_connect_back

WordPress Plugin Migration, Backup, Staging-WPvivid PHAR Deserialization (0.9.74)

Severity

Critical

Classification

CVE-2023-46604 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

Tags

Insecure Deserialization Acumonitor