CVE-2020-13920

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.15.12

Description The issue allows an attacker to connect to the JMX RMI registry without authentication and rebind the jmxrmi entry. By creating a proxy server, an attacker can intercept user credentials.

Recommendations For versions prior to 5.15.12, upgrade to Apache ActiveMQ 5.15.12 to resolve the issue.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BIT-ACTIVEMQ-2020-13920

CVE-2020-13920

DLA-2400-1

DLA-3657-1

GHSA-XGRX-XPV2-6VP4

USN-6910-1

Affected Products

Apache Activemq

Linuxmint

Ubuntu

CVE-2020-13920

Weakness Enumeration

Related Identifiers

Affected Products

References · 43