Apache · ActiveMQ · CVE-2026-49157
**Name of the Vulnerable Software and Affected Versions**
Apache ActiveMQ versions prior to 5.19.7
Apache ActiveMQ versions 6.0.0 through 6.2.5
**Description**
Incorrect default permissions in Jolokia authorization settings allow authenticated low-privilege web-login accounts to access operations intended for administrators. This enables non-admin users to execute broker management operations, such as `addQueue()` and `removeQueue()`.
**Recommendations**
Update versions prior to 5.19.7 to version 5.19.7.
Update versions 6.0.0 through 6.2.5 to version 6.2.6.
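
The following inventory check is an added example, not part of the original advisory or of Apache ActiveMQ. It maps installed broker versions to the fixed release named above. The host names and sample inventory are constructed, and comparing only the numeric part of a version string (ignoring suffixes such as `-SNAPSHOT`) is an assumption.

```python
import re

# Boundaries taken from the advisory text above.
FIXED_5X = (5, 19, 7)   # versions prior to 5.19.7 are affected
FIRST_6X = (6, 0, 0)    # 6.0.0 through 6.2.5 are affected
FIXED_6X = (6, 2, 6)


def parse_version(text):
    """Return (major, minor, patch) from strings like '6.2.5' or '5.18.3-SNAPSHOT'.

    Assumption: only the leading numeric part is compared; qualifiers are ignored.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def upgrade_target(version_text):
    """Return the fixed release to move to, or None if outside the affected ranges."""
    v = parse_version(version_text)
    if v < FIXED_5X:
        return "5.19.7"
    if FIRST_6X <= v < FIXED_6X:
        return "6.2.6"
    return None


def triage(inventory):
    """Map host -> (reported version, action) for every host that needs attention."""
    findings = {}
    for host, version_text in inventory.items():
        try:
            target = upgrade_target(version_text)
        except ValueError:
            # Do not silently pass a broker whose version could not be read.
            findings[host] = (version_text, "verify manually")
            continue
        if target:
            findings[host] = (version_text, f"update to {target}")
    return findings


# Constructed sample inventory (hypothetical hosts), e.g. exported from a CMDB.
SAMPLE_INVENTORY = {
    "mq-a.example.internal": "5.18.3",
    "mq-b.example.internal": "5.19.7",
    "mq-c.example.internal": "6.2.5",
    "mq-d.example.internal": "6.2.6",
    "mq-e.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, (version, action) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {version} -> {action}")
```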