Jsjcw

Rank #28162 of 53,619 · Total CVSS 9 · Vulnerabilities: 1
PT-2026-34867 · CVSS 9.0 · 2026-04-23 · Apache · ActiveMQ · CVE-2026-41044
**Name of the Vulnerable Software and Affected Versions**

- Apache ActiveMQ versions prior to 5.19.6
- Apache ActiveMQ versions 6.0.0 through 6.2.4
- Apache ActiveMQ Broker versions prior to 5.19.6
- Apache ActiveMQ Broker versions 6.0.0 through 6.2.4
- Apache ActiveMQ, all versions prior to 5.19.6
- Apache ActiveMQ, all versions 6.0.0 through 6.2.4

**Description**

Improper input validation and improper control of code generation allow an authenticated attacker to perform code injection. Using the admin web console, an attacker can create a malicious broker name that bypasses validation to include an xbean binding. This binding can be used by a VM transport to load a remote Spring XML application. The attacker can then use the `DestinationView` MBean to trigger VM transport creation referencing the malicious broker name, leading to the loading of a malicious Spring XML context file. Because `ResourceXmlApplicationContext` instantiates all singleton beans before the `BrokerService` validates the configuration, arbitrary code execution occurs on the broker's JVM via bean factory methods such as `Runtime.exec()`.

**Recommendations**

- Upgrade versions prior to 5.19.6 to 5.19.6.
- Upgrade versions 6.0.0 through 6.2.4 to 6.2.5.