PT-2023-6605 · Apache +4 · Apache ActiveMQ +4

Yejie@Threatbook.Cn · Published 2023-10-27 · Updated 2025-11-29 · CVE-2023-46604

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache ActiveMQ versions prior to 5.15.16
Apache ActiveMQ versions 5.16.x prior to 5.16.7
Apache ActiveMQ versions 5.17.x prior to 5.17.6
Apache ActiveMQ versions 5.18.x prior to 5.18.3
Bamboo Data Center versions prior to 9.2.7
Bamboo Data Center versions prior to 9.3.5
Bamboo Data Center versions prior to 9.4.1

Description

Apache ActiveMQ is susceptible to a Remote Code Execution (RCE) vulnerability (CVE-2023-46604) due to insecure deserialization of data within the OpenWire protocol. The vulnerability allows attackers to manipulate serialized class types, enabling them to instantiate any class on the classpath. Exploitation requires no authentication: successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code on the server.

This vulnerability has been actively exploited in the wild by threat actors, including those associated with the HelloKitty, Kinsing, and Mauri ransomware groups, as well as the Tsunami botnet. Attackers have been observed deploying malware, including ransomware, cryptocurrency miners, and DDoS botnets, and in some cases patching the vulnerability post-exploitation to maintain persistence and evade detection.

Recommendations

Upgrade Apache ActiveMQ to version 5.15.16 or later.
Upgrade Apache ActiveMQ to version 5.16.7 or later.
Upgrade Apache ActiveMQ to version 5.17.6 or later.
Upgrade Apache ActiveMQ to version 5.18.3 or later.
Upgrade Bamboo Data Center to version 9.2.7 or later.
Upgrade Bamboo Data Center to version 9.3.5 or later.
Upgrade Bamboo Data Center to version 9.4.1 or later.
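
The ActiveMQ ranges and upgrade targets above can be applied to a broker inventory with a small triage script. This is an added example, not part of the original advisory; the host names and inventory are constructed, and it only interprets plain upstream `X.Y.Z` version strings (distribution or vendor package versions are flagged for manual review, and Bamboo is not covered).

```python
import re

# Fixed upstream releases per branch, as listed in the advisory above.
FIXED_PATCH = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3}
OLDEST_BRANCH = min(FIXED_PATCH)

# Constructed sample inventory (hypothetical hosts), not data from the page.
SAMPLE_INVENTORY = {
    "mq-prod-01": "5.15.15",
    "mq-prod-02": "5.18.3",
    "mq-legacy": "5.14.5",
    "mq-dev": "5.17.6",
    "mq-lab": "6.0.0",
    "mq-pkg": "5.16.1-1ubuntu2",
}

def parse_upstream(version):
    """Parse a plain upstream 'X.Y.Z' string; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if m is None:
        raise ValueError(f"not a plain upstream version: {version!r}")
    return tuple(int(p) for p in m.groups())

def assess(version):
    """Return (status, minimum_fixed_release_or_None) for one broker version."""
    try:
        major, minor, patch = parse_upstream(version)
    except ValueError:
        # Distro or vendor builds may carry backported fixes; check them by hand.
        return ("manual-review", None)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        fixed = FIXED_PATCH[branch]
        if patch >= fixed:
            return ("fixed", None)
        return ("affected", f"{major}.{minor}.{fixed}")
    if branch < OLDEST_BRANCH:
        # "prior to 5.15.16" covers all older branches; 5.15.16 is the first fix.
        return ("affected", "5.15.16")
    # Branches newer than 5.18.x fall outside the ranges the advisory lists.
    return ("not-listed", None)

def triage(inventory):
    """Map each host to its assessment."""
    return {host: assess(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, target) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status:14} {target or '-'}")
```

A "fixed" result only reflects the version string; the description notes that some attackers patched brokers after compromising them, so a host that was exposed while on an affected version still needs investigation.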

Exploit

Fix

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

APACHEACTIVEMQ_CVE2023_46604
BDU:2023-07372
BIT-ACTIVEMQ-2023-46604
CVE-2023-46604
DLA-3657-1
DLA-3936-1
DSA-5798-1
GHSA-CRG9-44H2-XW35
OESA-2023-1778
USN-6910-1
USN-7268-1
ZDI-24-440

Affected Products

Apache ActiveMQ
Bamboo
Linuxmint
Red Os
Ubuntu