PT-2021-16959 · Apache · Apache Activemq Artemis

Francesco Marchioni

Published

2021-01-27

Updated

2026-06-15

CVE-2021-26118

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Artemis version 2.15.0

Description The creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis bypassed policy-based access control for the entire session. This occurred because the production of advisory messages was not subject to access control in error.

Recommendations For Apache ActiveMQ Artemis version 2.15.0, consider disabling the creation of advisory messages in the OpenWire protocol head until a patch is available. Restrict access to the OpenWire protocol to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-287

Related Identifiers

CVE-2021-26118

GHSA-Q7FR-VQHQ-V5XR

Affected Products

Apache Activemq Artemis

PT-2021-16959 · Apache · Apache Activemq Artemis

CVE-2021-26118

Weakness Enumeration

Related Identifiers

Affected Products

References · 17