PT-2023-6605 · Apache+4 · Apache Activemq+4

Yejie@Threatbook.Cn · Published 2023-10-27 · Updated 2026-03-05 · CVE-2023-46604

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Apache ActiveMQ versions prior to 5.15.16, prior to 5.16.7, prior to 5.17.6, and prior to 5.18.3

Description

Apache ActiveMQ is vulnerable to Remote Code Execution (RCE). This vulnerability allows a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker to instantiate any class on the classpath. This flaw has been actively exploited in the wild by threat actors, including those deploying ransomware such as HelloKitty and Mauri, and has been observed being used to install malware like DripDropper and Kinsing. The vulnerability is tracked as CVE-2023-46604 and has a CVSS score of 10.0 (Critical). Exploitation has been observed through various methods, including the use of a publicly available PoC exploit and the deployment of malicious payloads via HTTP. The exploitation of this vulnerability has been linked to multiple threat actors and campaigns.

Recommendations

Upgrade Apache ActiveMQ to version 5.15.16 or later, version 5.16.7 or later, version 5.17.6 or later, or version 5.18.3 or later.
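To apply the version guidance above across a fleet, the following added example (not part of the advisory or of Apache's tooling) triages broker versions against the four fixed releases listed on this page. The host names and inventory are constructed, and the `review` and `not-listed` verdicts are labels assumed for this sketch.

```python
import re

# Fixed patch level per maintenance branch, taken from the advisory text above.
FIXED = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3}
OLDEST_BRANCH = min(FIXED)

def parse_version(text):
    """Split '5.17.5' or '5.18.3-SNAPSHOT' into (major, minor, patch, suffix)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(.*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    return major, minor, patch, m.group(4).strip()

def classify(text):
    """Return 'affected', 'fixed', 'review' or 'not-listed' for one broker version."""
    major, minor, patch, suffix = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        if patch < FIXED[branch]:
            return "affected"
        if patch == FIXED[branch] and suffix:
            # A snapshot or custom build of the fixed release may predate the fix.
            return "review"
        return "fixed"
    if branch < OLDEST_BRANCH:
        # Older than every listed branch, so "prior to 5.15.16" applies.
        return "affected"
    # Branches newer than 5.18 are not named on this page; check upstream notes.
    return "not-listed"

def triage(inventory):
    """Map each host in a {host: version} inventory to its verdict."""
    return {host: classify(version) for host, version in inventory.items()}

# Constructed inventory for illustration only.
SAMPLE = {
    "mq-prod-01": "5.15.15",
    "mq-prod-02": "5.16.7",
    "mq-stage-01": "5.18.3-SNAPSHOT",
    "mq-legacy": "5.14.5",
    "mq-new": "6.0.0",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {SAMPLE[host]} -> {verdict}")
```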

Exploit

Fix

LPE

RCE

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

APACHEACTIVEMQ_CVE2023_46604
BDU:2023-07372
BIT-ACTIVEMQ-2023-46604
CVE-2023-46604
DLA-3657-1
DLA-3936-1
DSA-5798-1
GHSA-CRG9-44H2-XW35
OESA-2023-1778
USN-6910-1
USN-7268-1
ZDI-24-440

Affected Products

Apache Activemq
Bamboo
Linuxmint
Red Os
Ubuntu