Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/activemq@5.14.3-3

Type deb

Namespace debian

Name activemq

Version 5.14.3-3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.17.6+dfsg-2

Latest_non_vulnerable_version 5.17.6+dfsg-2

Affected_by_vulnerabilities

url VCID-18k1-3h2s-8uex

vulnerability_id VCID-18k1-3h2s-8uex

summary

Apache ActiveMQ webconsole admin GUI is open to XSS
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

references

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1941.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1941.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1941

reference_id

reference_type

scores

value	0.08938
scoring_system	epss
scoring_elements	0.9259
published_at	2026-04-12T12:55:00Z

value	0.08938
scoring_system	epss
scoring_elements	0.92589
published_at	2026-04-13T12:55:00Z

value	0.08938
scoring_system	epss
scoring_elements	0.92583
published_at	2026-04-09T12:55:00Z

value	0.08938
scoring_system	epss
scoring_elements	0.92578
published_at	2026-04-08T12:55:00Z

value	0.08938
scoring_system	epss
scoring_elements	0.92565
published_at	2026-04-04T12:55:00Z

value	0.08938
scoring_system	epss
scoring_elements	0.92558
published_at	2026-04-02T12:55:00Z

value	0.08938
scoring_system	epss
scoring_elements	0.92552
published_at	2026-04-01T12:55:00Z

value	0.08938
scoring_system	epss
scoring_elements	0.92567
published_at	2026-04-07T12:55:00Z

value	0.08938
scoring_system	epss
scoring_elements	0.92602
published_at	2026-04-18T12:55:00Z

value	0.08938
scoring_system	epss
scoring_elements	0.92603
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1941

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/7793a95

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/7793a95

reference_url

https://github.com/apache/activemq/commit/81bd743eaa243f0cc5dfbb1342cee1fef1fc5df2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/81bd743eaa243f0cc5dfbb1342cee1fef1fc5df2

reference_url

https://github.com/apache/activemq/commit/c0e17a3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/c0e17a3

reference_url

https://issues.apache.org/jira/browse/AMQ-7231

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-7231

reference_url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1941

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1941

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1848045
reference_id	1848045
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1848045

reference_url

https://github.com/advisories/GHSA-cc94-3v9c-7rm8

reference_id

GHSA-cc94-3v9c-7rm8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cc94-3v9c-7rm8

fixed_packages

url pkg:deb/debian/activemq@5.16.1-1

purl pkg:deb/debian/activemq@5.16.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.16.1-1

aliases CVE-2020-1941, GHSA-cc94-3v9c-7rm8

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-18k1-3h2s-8uex

url VCID-37ws-cqf7-4udm

vulnerability_id VCID-37ws-cqf7-4udm

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13947

reference_id

reference_type

scores

value	0.04029
scoring_system	epss
scoring_elements	0.885
published_at	2026-04-18T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88489
published_at	2026-04-13T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88435
published_at	2026-04-01T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88504
published_at	2026-04-16T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.8849
published_at	2026-04-12T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88497
published_at	2026-04-11T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88487
published_at	2026-04-09T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88481
published_at	2026-04-08T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88462
published_at	2026-04-07T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88459
published_at	2026-04-04T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88443
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13947

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80

reference_url

https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1

reference_url

https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13947

reference_id

CVE-2020-13947

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13947

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt

reference_id

CVE-2020-13947-ANNOUNCEMENT.TXT

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt

reference_url

https://github.com/advisories/GHSA-66gw-ch5v-74v8

reference_id

GHSA-66gw-ch5v-74v8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-66gw-ch5v-74v8

fixed_packages

url pkg:deb/debian/activemq@5.16.1-1

purl pkg:deb/debian/activemq@5.16.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.16.1-1

aliases CVE-2020-13947, GHSA-66gw-ch5v-74v8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37ws-cqf7-4udm

url VCID-5kmj-whmc-4bfa

vulnerability_id VCID-5kmj-whmc-4bfa

summary When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15709.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15709.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15709

reference_id

reference_type

scores

value	0.65728
scoring_system	epss
scoring_elements	0.9851
published_at	2026-04-18T12:55:00Z

value	0.65728
scoring_system	epss
scoring_elements	0.98509
published_at	2026-04-16T12:55:00Z

value	0.65728
scoring_system	epss
scoring_elements	0.98503
published_at	2026-04-12T12:55:00Z

value	0.65728
scoring_system	epss
scoring_elements	0.98504
published_at	2026-04-13T12:55:00Z

value	0.65728
scoring_system	epss
scoring_elements	0.98501
published_at	2026-04-09T12:55:00Z

value	0.65728
scoring_system	epss
scoring_elements	0.985
published_at	2026-04-08T12:55:00Z

value	0.65728
scoring_system	epss
scoring_elements	0.98493
published_at	2026-04-02T12:55:00Z

value	0.65728
scoring_system	epss
scoring_elements	0.98491
published_at	2026-04-01T12:55:00Z

value	0.65728
scoring_system	epss
scoring_elements	0.98496
published_at	2026-04-07T12:55:00Z

value	0.65728
scoring_system	epss
scoring_elements	0.98495
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15709

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url	https://github.com/apache/activemq/commit/5fa0bbd5156f29d97dcf48fd9fdb6a0488a8df1a
reference_id
reference_type
scores
url	https://github.com/apache/activemq/commit/5fa0bbd5156f29d97dcf48fd9fdb6a0488a8df1a

reference_url

https://github.com/apache/activemq/commit/8ff18c5e254bf43395f2e0d7e3a1092b33ec646

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/8ff18c5e254bf43395f2e0d7e3a1092b33ec646

reference_url

https://github.com/apache/activemq/commit/d2e49be3a8f21d862726c1f6bc9e1caa6ee8b58

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/d2e49be3a8f21d862726c1f6bc9e1caa6ee8b58

reference_url

https://issues.apache.org/jira/browse/AMQ-6871

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-6871

reference_url

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2b6f04a552c6ec2de6563c2df3bba813f0fe9c7e22cce27b7829db89@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1548057
reference_id	1548057
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1548057

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890352
reference_id	890352
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890352

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15709

reference_id

CVE-2017-15709

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15709

reference_url

https://github.com/advisories/GHSA-7qm4-p377-fr2r

reference_id

GHSA-7qm4-p377-fr2r

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7qm4-p377-fr2r

fixed_packages

url pkg:deb/debian/activemq@5.15.8-2

purl pkg:deb/debian/activemq@5.15.8-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18k1-3h2s-8uex

vulnerability	VCID-37ws-cqf7-4udm

vulnerability	VCID-6fqa-fzda-x3ej

vulnerability	VCID-9z4y-wq57-vyaf

vulnerability	VCID-a3nb-p5p6-zbf7

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.15.8-2

aliases CVE-2017-15709, GHSA-7qm4-p377-fr2r

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5kmj-whmc-4bfa

url VCID-6fqa-fzda-x3ej

vulnerability_id VCID-6fqa-fzda-x3ej

summary

Improper Authentication in Apache ActiveMQ and Apache Artemis
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26117.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26117.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26117

reference_id

reference_type

scores

value	0.09941
scoring_system	epss
scoring_elements	0.9304
published_at	2026-04-18T12:55:00Z

value	0.09941
scoring_system	epss
scoring_elements	0.93037
published_at	2026-04-16T12:55:00Z

value	0.09941
scoring_system	epss
scoring_elements	0.93027
published_at	2026-04-13T12:55:00Z

value	0.09941
scoring_system	epss
scoring_elements	0.93026
published_at	2026-04-12T12:55:00Z

value	0.09941
scoring_system	epss
scoring_elements	0.93028
published_at	2026-04-11T12:55:00Z

value	0.09941
scoring_system	epss
scoring_elements	0.93023
published_at	2026-04-09T12:55:00Z

value	0.09941
scoring_system	epss
scoring_elements	0.93019
published_at	2026-04-08T12:55:00Z

value	0.09941
scoring_system	epss
scoring_elements	0.92999
published_at	2026-04-01T12:55:00Z

value	0.09941
scoring_system	epss
scoring_elements	0.93011
published_at	2026-04-07T12:55:00Z

value	0.09941
scoring_system	epss
scoring_elements	0.93008
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26117

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26117
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26117

reference_url

https://github.com/apache/activemq/commit/46a774c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/46a774c

reference_url

https://github.com/apache/activemq/commit/73e291693d59a96c0054fc7e7e09c2c67b192911

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/73e291693d59a96c0054fc7e7e09c2c67b192911

reference_url

https://issues.apache.org/jira/browse/AMQ-8035

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-8035

reference_url

https://issues.apache.org/jira/browse/ARTEMIS-2895

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/ARTEMIS-2895

reference_url

https://lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r22cdc0fb45e223ac92bc2ceff7af92f1193dfc614c8b248534456229@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r22cdc0fb45e223ac92bc2ceff7af92f1193dfc614c8b248534456229@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r22cdc0fb45e223ac92bc2ceff7af92f1193dfc614c8b248534456229%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r22cdc0fb45e223ac92bc2ceff7af92f1193dfc614c8b248534456229%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3341d96d8f956e878fb7b463b08d57ca1d58fec9c970aee929b58e0d@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3341d96d8f956e878fb7b463b08d57ca1d58fec9c970aee929b58e0d@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3341d96d8f956e878fb7b463b08d57ca1d58fec9c970aee929b58e0d%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3341d96d8f956e878fb7b463b08d57ca1d58fec9c970aee929b58e0d%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r519bfafd67091d0b91243efcb1c49b1eea27321355ba5594f679277d@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r519bfafd67091d0b91243efcb1c49b1eea27321355ba5594f679277d@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r519bfafd67091d0b91243efcb1c49b1eea27321355ba5594f679277d%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r519bfafd67091d0b91243efcb1c49b1eea27321355ba5594f679277d%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5899ece90bcae5805ad6142fdb05c58595cff19cb2e98cc58a91f55b@%3Cgitbox.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5899ece90bcae5805ad6142fdb05c58595cff19cb2e98cc58a91f55b@%3Cgitbox.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5899ece90bcae5805ad6142fdb05c58595cff19cb2e98cc58a91f55b%40%3Cgitbox.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5899ece90bcae5805ad6142fdb05c58595cff19cb2e98cc58a91f55b%40%3Cgitbox.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r70389648227317bdadcdecbd9f238571a6047469d156bd72bb0ca2f7@%3Cgitbox.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r70389648227317bdadcdecbd9f238571a6047469d156bd72bb0ca2f7@%3Cgitbox.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r70389648227317bdadcdecbd9f238571a6047469d156bd72bb0ca2f7%40%3Cgitbox.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r70389648227317bdadcdecbd9f238571a6047469d156bd72bb0ca2f7%40%3Cgitbox.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra255ddfc8b613b80e9fa22ff3e106168b245f38a22316bfb54d21159@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra255ddfc8b613b80e9fa22ff3e106168b245f38a22316bfb54d21159@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra255ddfc8b613b80e9fa22ff3e106168b245f38a22316bfb54d21159%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra255ddfc8b613b80e9fa22ff3e106168b245f38a22316bfb54d21159%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raea451de09baed76950d6a60cc4bb1b74476c505e03205a3c68c9808@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raea451de09baed76950d6a60cc4bb1b74476c505e03205a3c68c9808@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/raea451de09baed76950d6a60cc4bb1b74476c505e03205a3c68c9808%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/raea451de09baed76950d6a60cc4bb1b74476c505e03205a3c68c9808%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd05b1c9d61dbd220664d559aa0e2b55e5830f006a09e82057f3f7863@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd05b1c9d61dbd220664d559aa0e2b55e5830f006a09e82057f3f7863@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd05b1c9d61dbd220664d559aa0e2b55e5830f006a09e82057f3f7863%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd05b1c9d61dbd220664d559aa0e2b55e5830f006a09e82057f3f7863%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd75600cee29cb248d548edcf6338fe296466d63a69e2ed0afc439ec7@%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd75600cee29cb248d548edcf6338fe296466d63a69e2ed0afc439ec7@%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rd75600cee29cb248d548edcf6338fe296466d63a69e2ed0afc439ec7%40%3Cissues.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rd75600cee29cb248d548edcf6338fe296466d63a69e2ed0afc439ec7%40%3Cissues.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re1b98da90a5f2e1c2e2d50e31c12e2578d61fe01c0737f9d0bd8de99@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re1b98da90a5f2e1c2e2d50e31c12e2578d61fe01c0737f9d0bd8de99@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re1b98da90a5f2e1c2e2d50e31c12e2578d61fe01c0737f9d0bd8de99%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re1b98da90a5f2e1c2e2d50e31c12e2578d61fe01c0737f9d0bd8de99%40%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec93794f8aeddf8a5f1a643d264b4e66b933f06fd72a38f31448f0ac@%3Cgitbox.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec93794f8aeddf8a5f1a643d264b4e66b933f06fd72a38f31448f0ac@%3Cgitbox.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rec93794f8aeddf8a5f1a643d264b4e66b933f06fd72a38f31448f0ac%40%3Cgitbox.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rec93794f8aeddf8a5f1a643d264b4e66b933f06fd72a38f31448f0ac%40%3Cgitbox.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rffa5cd05d01c4c9853b17f3004d80ea6eb8856c422a8545c5f79b1a6@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rffa5cd05d01c4c9853b17f3004d80ea6eb8856c422a8545c5f79b1a6@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rffa5cd05d01c4c9853b17f3004d80ea6eb8856c422a8545c5f79b1a6%40%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rffa5cd05d01c4c9853b17f3004d80ea6eb8856c422a8545c5f79b1a6%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_url

https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA%40mail.gmail.com%3e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA%40mail.gmail.com%3e

reference_url

https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA@mail.gmail.com%3e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA@mail.gmail.com%3e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-26117

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-26117

reference_url

https://security.netapp.com/advisory/ntap-20210304-0008

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210304-0008

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1921126
reference_id	1921126
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1921126

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982590
reference_id	982590
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982590

reference_url

https://github.com/advisories/GHSA-9mgm-gcq8-86wq

reference_id

GHSA-9mgm-gcq8-86wq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9mgm-gcq8-86wq

reference_url	https://access.redhat.com/errata/RHSA-2020:4154
reference_id	RHSA-2020:4154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4154

reference_url	https://access.redhat.com/errata/RHSA-2020:5365
reference_id	RHSA-2020:5365
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:5365

reference_url	https://access.redhat.com/errata/RHSA-2021:0384
reference_id	RHSA-2021:0384
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0384

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

fixed_packages

url pkg:deb/debian/activemq@5.16.1-1

purl pkg:deb/debian/activemq@5.16.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.16.1-1

aliases CVE-2021-26117, GHSA-9mgm-gcq8-86wq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fqa-fzda-x3ej

url VCID-9z4y-wq57-vyaf

vulnerability_id VCID-9z4y-wq57-vyaf

summary

Code Injection
In Apache ActiveMQ, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

references

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0222.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0222.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0222

reference_id

reference_type

scores

value	0.10284
scoring_system	epss
scoring_elements	0.93166
published_at	2026-04-13T12:55:00Z

value	0.10284
scoring_system	epss
scoring_elements	0.93165
published_at	2026-04-12T12:55:00Z

value	0.10284
scoring_system	epss
scoring_elements	0.93168
published_at	2026-04-11T12:55:00Z

value	0.10284
scoring_system	epss
scoring_elements	0.93147
published_at	2026-04-02T12:55:00Z

value	0.10284
scoring_system	epss
scoring_elements	0.93187
published_at	2026-04-18T12:55:00Z

value	0.10284
scoring_system	epss
scoring_elements	0.93183
published_at	2026-04-16T12:55:00Z

value	0.10284
scoring_system	epss
scoring_elements	0.93162
published_at	2026-04-09T12:55:00Z

value	0.10284
scoring_system	epss
scoring_elements	0.93158
published_at	2026-04-08T12:55:00Z

value	0.10284
scoring_system	epss
scoring_elements	0.93149
published_at	2026-04-07T12:55:00Z

value	0.10284
scoring_system	epss
scoring_elements	0.93151
published_at	2026-04-04T12:55:00Z

value	0.10284
scoring_system	epss
scoring_elements	0.93137
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/98b9f2e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/98b9f2e

reference_url

https://github.com/apache/activemq/commit/f78c0962ffb46fae3397eed6b7ec1e6e15045031

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/f78c0962ffb46fae3397eed6b7ec1e6e15045031

reference_url

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485@%3Cdev.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488@%3Cusers.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488@%3Cusers.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa@%3Ccommits.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

reference_url

https://security.netapp.com/advisory/ntap-20190502-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190502-0006

reference_url	https://security.netapp.com/advisory/ntap-20190502-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190502-0006/

reference_url

https://web.archive.org/web/20190404065432/http://www.securityfocus.com/bid/107622

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20190404065432/http://www.securityfocus.com/bid/107622

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

http://www.openwall.com/lists/oss-security/2019/03/27/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/03/27/2

reference_url	http://www.securityfocus.com/bid/107622
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/107622

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1696012
reference_id	1696012
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1696012

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925964
reference_id	925964
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925964

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988109
reference_id	988109
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq::::::::
reference_id	cpe:2.3:a:apache:activemq::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services:-:::::::*
reference_id	cpe:2.3:a:netapp:e-series_santricity_web_services:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_web_services:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:::::::*
reference_id	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:::::::*
reference_id	cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:::::::*
reference_id	cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:goldengate_stream_analytics::::::::
reference_id	cpe:2.3:a:oracle:goldengate_stream_analytics::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:goldengate_stream_analytics::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:identity_manager_connector:9.0:::::::*
reference_id	cpe:2.3:a:oracle:identity_manager_connector:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:identity_manager_connector:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0222

reference_id

CVE-2019-0222

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0222

reference_url

https://github.com/advisories/GHSA-jpv3-g4cc-6vfx

reference_id

GHSA-jpv3-g4cc-6vfx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jpv3-g4cc-6vfx

reference_url	https://access.redhat.com/errata/RHSA-2020:0922
reference_id	RHSA-2020:0922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0922

reference_url	https://access.redhat.com/errata/RHSA-2020:1445
reference_id	RHSA-2020:1445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1445

reference_url	https://usn.ubuntu.com/6685-1/
reference_id	USN-6685-1
reference_type
scores
url	https://usn.ubuntu.com/6685-1/

fixed_packages

url pkg:deb/debian/activemq@5.16.1-1

purl pkg:deb/debian/activemq@5.16.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.16.1-1

aliases CVE-2019-0222, GHSA-jpv3-g4cc-6vfx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9z4y-wq57-vyaf

url VCID-a3nb-p5p6-zbf7

vulnerability_id VCID-a3nb-p5p6-zbf7

summary

Missing Authentication for Critical Function
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13920.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13920.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13920

reference_id

reference_type

scores

value	0.00174
scoring_system	epss
scoring_elements	0.38785
published_at	2026-04-13T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38813
published_at	2026-04-12T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38849
published_at	2026-04-11T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38837
published_at	2026-04-09T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38808
published_at	2026-04-18T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38826
published_at	2026-04-08T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.3883
published_at	2026-04-16T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39352
published_at	2026-04-01T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39451
published_at	2026-04-07T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39537
published_at	2026-04-04T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39514
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13920

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13920
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13920

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/359ae4b

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/359ae4b

reference_url

https://github.com/apache/activemq/commit/48cd61d

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/48cd61d

reference_url

https://github.com/apache/activemq/commit/58382283330f7c7b110c7afd8ef4ca2648786532

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/58382283330f7c7b110c7afd8ef4ca2648786532

reference_url

https://github.com/apache/activemq/commit/b7dca5e

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/b7dca5e

reference_url

https://issues.apache.org/jira/browse/AMQ-7400

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-7400

reference_url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1880101
reference_id	1880101
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1880101

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13920

reference_id

CVE-2020-13920

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13920

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt

reference_id

CVE-2020-13920-ANNOUNCEMENT.TXT

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt

reference_url

https://github.com/advisories/GHSA-xgrx-xpv2-6vp4

reference_id

GHSA-xgrx-xpv2-6vp4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xgrx-xpv2-6vp4

reference_url	https://access.redhat.com/errata/RHSA-2021:3205
reference_id	RHSA-2021:3205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3205

reference_url	https://access.redhat.com/errata/RHSA-2021:3207
reference_id	RHSA-2021:3207
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3207

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

fixed_packages

url pkg:deb/debian/activemq@5.16.1-1

purl pkg:deb/debian/activemq@5.16.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.16.1-1

aliases CVE-2020-13920, GHSA-xgrx-xpv2-6vp4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3nb-p5p6-zbf7

url VCID-f5x2-zvxa-yba5

vulnerability_id VCID-f5x2-zvxa-yba5

summary

False positive
This advisory has been marked as a false positive.

references

reference_url

http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46604

reference_id

reference_type

scores

value	0.94436
scoring_system	epss
scoring_elements	0.99987
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604

reference_url

http://seclists.org/fulldisclosure/2024/Apr/18

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

http://seclists.org/fulldisclosure/2024/Apr/18

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc

reference_url

https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d

reference_url

https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f

reference_url

https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436

reference_url

https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0

reference_url

https://github.com/apache/activemq/pull/1098

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/pull/1098

reference_url

https://issues.apache.org/jira/browse/AMQ-9370

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-9370

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_url

https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_url

https://security.netapp.com/advisory/ntap-20231110-0010

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231110-0010

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604

reference_url

https://www.openwall.com/lists/oss-security/2023/10/27/5

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://www.openwall.com/lists/oss-security/2023/10/27/5

reference_url

http://www.openwall.com/lists/oss-security/2023/10/27/5

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/10/27/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909
reference_id	1054909
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2246645
reference_id	2246645
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2246645

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604

reference_id

CVE-2023-46604

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-46604

reference_id

CVE-2023-46604

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-46604

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt

reference_id

CVE-2023-46604-ANNOUNCEMENT.TXT

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt

reference_url

https://github.com/advisories/GHSA-crg9-44h2-xw35

reference_id

GHSA-crg9-44h2-xw35

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-crg9-44h2-xw35

reference_url

https://security.netapp.com/advisory/ntap-20231110-0010/

reference_id

ntap-20231110-0010

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://security.netapp.com/advisory/ntap-20231110-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:6849
reference_id	RHSA-2023:6849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6849

reference_url	https://access.redhat.com/errata/RHSA-2023:6866
reference_id	RHSA-2023:6866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6866

reference_url	https://access.redhat.com/errata/RHSA-2023:6877
reference_id	RHSA-2023:6877
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6877

reference_url	https://access.redhat.com/errata/RHSA-2023:6878
reference_id	RHSA-2023:6878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6878

reference_url	https://access.redhat.com/errata/RHSA-2023:6879
reference_id	RHSA-2023:6879
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6879

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

reference_url	https://usn.ubuntu.com/7268-1/
reference_id	USN-7268-1
reference_type
scores
url	https://usn.ubuntu.com/7268-1/

fixed_packages

url pkg:deb/debian/activemq@5.17.2%2Bdfsg-2%2Bdeb12u1

purl pkg:deb/debian/activemq@5.17.2%2Bdfsg-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.17.2%252Bdfsg-2%252Bdeb12u1

aliases CVE-2023-46604, GHSA-crg9-44h2-xw35

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5x2-zvxa-yba5

url VCID-fb7w-5fvt-zqe3

vulnerability_id VCID-fb7w-5fvt-zqe3

summary

Cross-site Scripting
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the `queue.jsp` page of Apache ActiveMQ.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8006.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8006.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-8006

reference_id

reference_type

scores

value	0.79947
scoring_system	epss
scoring_elements	0.99105
published_at	2026-04-13T12:55:00Z

value	0.79947
scoring_system	epss
scoring_elements	0.99104
published_at	2026-04-11T12:55:00Z

value	0.79947
scoring_system	epss
scoring_elements	0.99103
published_at	2026-04-09T12:55:00Z

value	0.79947
scoring_system	epss
scoring_elements	0.99102
published_at	2026-04-07T12:55:00Z

value	0.79947
scoring_system	epss
scoring_elements	0.99099
published_at	2026-04-04T12:55:00Z

value	0.79947
scoring_system	epss
scoring_elements	0.99096
published_at	2026-04-02T12:55:00Z

value	0.79947
scoring_system	epss
scoring_elements	0.99095
published_at	2026-04-01T12:55:00Z

value	0.79947
scoring_system	epss
scoring_elements	0.99107
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-8006

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8006
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8006

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/2373aa1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/2373aa1

reference_url

https://github.com/apache/activemq/commit/d8c80a98212ee5d73a281483a2f8b3f517465f62

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/d8c80a98212ee5d73a281483a2f8b3f517465f62

reference_url

https://issues.apache.org/jira/browse/AMQ-6954

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-6954

reference_url

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/3f1e41bc9153936e065ca3094bd89ff8167ad2d39ac0b410f24382d2@%3Cgitbox.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/c0ec53b72b3240b187afb1cf67e4309a9e5f607282010aa196734814@%3Cgitbox.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E

reference_url

https://web.archive.org/web/20200227115717/http://www.securityfocus.com/bid/105156

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227115717/http://www.securityfocus.com/bid/105156

reference_url	http://www.securityfocus.com/bid/105156
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105156

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1622774
reference_id	1622774
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1622774

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-8006

reference_id

CVE-2018-8006

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-8006

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt

reference_id

CVE-2018-8006-ANNOUNCEMENT.TXT

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt

reference_url

https://github.com/advisories/GHSA-hvwm-2624-rp9x

reference_id

GHSA-hvwm-2624-rp9x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hvwm-2624-rp9x

fixed_packages

url pkg:deb/debian/activemq@5.15.8-2

purl pkg:deb/debian/activemq@5.15.8-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18k1-3h2s-8uex

vulnerability	VCID-37ws-cqf7-4udm

vulnerability	VCID-6fqa-fzda-x3ej

vulnerability	VCID-9z4y-wq57-vyaf

vulnerability	VCID-a3nb-p5p6-zbf7

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.15.8-2

aliases CVE-2018-8006, GHSA-hvwm-2624-rp9x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fb7w-5fvt-zqe3

url VCID-k4jb-36cp-1fc4

vulnerability_id VCID-k4jb-36cp-1fc4

summary

False positive
This advisory has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41678

reference_id

reference_type

scores

value	0.93623
scoring_system	epss
scoring_elements	0.99838
published_at	2026-04-12T12:55:00Z

value	0.93623
scoring_system	epss
scoring_elements	0.99837
published_at	2026-04-04T12:55:00Z

value	0.93623
scoring_system	epss
scoring_elements	0.99839
published_at	2026-04-13T12:55:00Z

value	0.93623
scoring_system	epss
scoring_elements	0.9984
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41678

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/5c8d457d9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/5c8d457d9

reference_url

https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2

reference_url

https://github.com/apache/activemq/commit/bf65929fd

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/bf65929fd

reference_url

https://github.com/apache/activemq/commit/d8ce1d9ff

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/d8ce1d9ff

reference_url

https://github.com/apache/activemq/pull/958

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/pull/958

reference_url

https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_url

https://security.netapp.com/advisory/ntap-20240216-0004

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240216-0004

reference_url

https://www.openwall.com/lists/oss-security/2023/11/28/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2023/11/28/1

reference_url

http://www.openwall.com/lists/oss-security/2023/11/28/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/11/28/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252185
reference_id	2252185
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252185

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-41678

reference_id

CVE-2022-41678

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-41678

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt

reference_id

CVE-2022-41678-ANNOUNCEMENT.TXT

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt

reference_url

https://github.com/advisories/GHSA-53v4-42fg-g287

reference_id

GHSA-53v4-42fg-g287

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-53v4-42fg-g287

reference_url	https://access.redhat.com/errata/RHSA-2024:2944
reference_id	RHSA-2024:2944
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2944

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

reference_url	https://usn.ubuntu.com/7268-1/
reference_id	USN-7268-1
reference_type
scores
url	https://usn.ubuntu.com/7268-1/

fixed_packages

url pkg:deb/debian/activemq@5.17.2%2Bdfsg-2%2Bdeb12u1

purl pkg:deb/debian/activemq@5.17.2%2Bdfsg-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.17.2%252Bdfsg-2%252Bdeb12u1

aliases CVE-2022-41678, GHSA-53v4-42fg-g287

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4jb-36cp-1fc4

url VCID-q6zs-spcv-v7ey

vulnerability_id VCID-q6zs-spcv-v7ey

summary

Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ.

During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections.
This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected.

Users are recommended to upgrade to version 6.1.6+, 5.19.0+,  5.18.7+, 5.17.7, or 5.16.8 or which fixes the issue.

Existing users may implement mutual TLS to mitigate the risk on affected brokers.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27533.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27533.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27533

reference_id

reference_type

scores

value	0.02253
scoring_system	epss
scoring_elements	0.84617
published_at	2026-04-18T12:55:00Z

value	0.02253
scoring_system	epss
scoring_elements	0.84616
published_at	2026-04-16T12:55:00Z

value	0.02253
scoring_system	epss
scoring_elements	0.84597
published_at	2026-04-13T12:55:00Z

value	0.02253
scoring_system	epss
scoring_elements	0.84601
published_at	2026-04-12T12:55:00Z

value	0.02253
scoring_system	epss
scoring_elements	0.84606
published_at	2026-04-11T12:55:00Z

value	0.02253
scoring_system	epss
scoring_elements	0.84587
published_at	2026-04-09T12:55:00Z

value	0.02253
scoring_system	epss
scoring_elements	0.84534
published_at	2026-04-02T12:55:00Z

value	0.02253
scoring_system	epss
scoring_elements	0.8458
published_at	2026-04-08T12:55:00Z

value	0.02253
scoring_system	epss
scoring_elements	0.84559
published_at	2026-04-07T12:55:00Z

value	0.02253
scoring_system	epss
scoring_elements	0.84555
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27533

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27533

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/fc4372b9f0f72b8b5eed917f0019c5cea45c5d06

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/fc4372b9f0f72b8b5eed917f0019c5cea45c5d06

reference_url

https://issues.apache.org/jira/browse/AMQ-6596

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-6596

reference_url

https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-07T13:59:20Z/

url

https://lists.apache.org/thread/8hcm25vf7mchg4zbbhnlx2lc5bs705hg

reference_url

https://lists.debian.org/debian-lts-announce/2025/06/msg00020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/06/msg00020.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-27533

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-27533

reference_url

http://www.openwall.com/lists/oss-security/2025/05/06/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/AU:Y/R:A/V:D/RE:M/U:Red

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/05/06/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104933
reference_id	1104933
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104933

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2364684
reference_id	2364684
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2364684

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52288.py
reference_id	CVE-2025-27533
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52288.py

reference_url

https://github.com/advisories/GHSA-whxr-3p84-rf3c

reference_id

GHSA-whxr-3p84-rf3c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-whxr-3p84-rf3c

reference_url	https://access.redhat.com/errata/RHSA-2025:17567
reference_id	RHSA-2025:17567
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17567

fixed_packages

url pkg:deb/debian/activemq@5.17.2%2Bdfsg-2%2Bdeb12u1

purl pkg:deb/debian/activemq@5.17.2%2Bdfsg-2%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.17.2%252Bdfsg-2%252Bdeb12u1

url	pkg:deb/debian/activemq@5.17.6%2Bdfsg-2
purl	pkg:deb/debian/activemq@5.17.6%2Bdfsg-2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.17.6%252Bdfsg-2

aliases CVE-2025-27533, GHSA-whxr-3p84-rf3c

risk_score 10.0

exploitability 2.0

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q6zs-spcv-v7ey

url VCID-xttf-9hx8-fbdb

vulnerability_id VCID-xttf-9hx8-fbdb

summary TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:3892

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:3892

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11775.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11775.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11775

reference_id

reference_type

scores

value	0.00492
scoring_system	epss
scoring_elements	0.65648
published_at	2026-04-12T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65663
published_at	2026-04-11T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65643
published_at	2026-04-09T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.6563
published_at	2026-04-08T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65668
published_at	2026-04-18T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65655
published_at	2026-04-16T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.6562
published_at	2026-04-13T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65578
published_at	2026-04-07T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65612
published_at	2026-04-04T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65582
published_at	2026-04-02T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65533
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11775

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11775
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11775

reference_url

https://github.com/advisories/GHSA-m9w8-v359-9ffr

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-m9w8-v359-9ffr

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/02971a40e281713a8397d3a1809c164b594abfbb

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/02971a40e281713a8397d3a1809c164b594abfbb

reference_url

https://github.com/apache/activemq/commit/bde7097fb8173cf871827df7811b3865679b963d

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/bde7097fb8173cf871827df7811b3865679b963d

reference_url

https://issues.apache.org/jira/browse/AMQ-7047

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-7047

reference_url

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

reference_url	http://www.securityfocus.com/bid/105335
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105335

reference_url	http://www.securitytracker.com/id/1041618
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1041618

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1629083
reference_id	1629083
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1629083

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908950
reference_id	908950
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908950

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11775

reference_id

CVE-2018-11775

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11775

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt

reference_id

CVE-2018-11775-ANNOUNCEMENT.TXT

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2018-11775-announcement.txt

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

fixed_packages

url pkg:deb/debian/activemq@5.15.8-2

purl pkg:deb/debian/activemq@5.15.8-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18k1-3h2s-8uex

vulnerability	VCID-37ws-cqf7-4udm

vulnerability	VCID-6fqa-fzda-x3ej

vulnerability	VCID-9z4y-wq57-vyaf

vulnerability	VCID-a3nb-p5p6-zbf7

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.15.8-2

aliases CVE-2018-11775, GHSA-m9w8-v359-9ffr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xttf-9hx8-fbdb

Fixing_vulnerabilities

url VCID-brq9-y937-8faz

vulnerability_id VCID-brq9-y937-8faz

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.

references

reference_url

http://packetstormsecurity.com/files/136215/Apache-ActiveMQ-5.13.0-Cross-Site-Scripting.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/136215/Apache-ActiveMQ-5.13.0-Cross-Site-Scripting.html

reference_url

https://access.redhat.com/errata/RHSA-2016:1424

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2016:1424

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0782.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0782.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-0782

reference_id

reference_type

scores

value	0.01162
scoring_system	epss
scoring_elements	0.78631
published_at	2026-04-16T12:55:00Z

value	0.01162
scoring_system	epss
scoring_elements	0.78552
published_at	2026-04-01T12:55:00Z

value	0.01162
scoring_system	epss
scoring_elements	0.78559
published_at	2026-04-02T12:55:00Z

value	0.01162
scoring_system	epss
scoring_elements	0.7859
published_at	2026-04-04T12:55:00Z

value	0.01162
scoring_system	epss
scoring_elements	0.78572
published_at	2026-04-07T12:55:00Z

value	0.01162
scoring_system	epss
scoring_elements	0.78597
published_at	2026-04-08T12:55:00Z

value	0.01162
scoring_system	epss
scoring_elements	0.78603
published_at	2026-04-09T12:55:00Z

value	0.01162
scoring_system	epss
scoring_elements	0.78628
published_at	2026-04-18T12:55:00Z

value	0.01162
scoring_system	epss
scoring_elements	0.7861
published_at	2026-04-12T12:55:00Z

value	0.01162
scoring_system	epss
scoring_elements	0.78601
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0782

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1317516

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1317516

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0782
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0782

reference_url

https://github.com/apache/activemq/commit/0c9fdb5b4180c1ae800bbc8bae7a2c0620f6749b

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/0c9fdb5b4180c1ae800bbc8bae7a2c0620f6749b

reference_url

https://github.com/apache/activemq/commit/2061186a0a2486aebf26c4ceb8126933ed01826e

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/2061186a0a2486aebf26c4ceb8126933ed01826e

reference_url

https://github.com/apache/activemq/commit/7828069637acb2f1ca1710523f6a2b216c12c7f8

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/7828069637acb2f1ca1710523f6a2b216c12c7f8

reference_url

https://github.com/apache/activemq/compare/activemq-5.13.1...activemq-5.13.2

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/compare/activemq-5.13.1...activemq-5.13.2

reference_url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

reference_url	http://www.securityfocus.com/archive/1/537760/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/537760/100/0/threaded

reference_url	http://www.securitytracker.com/id/1035328
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035328

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.1.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.10.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.11.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.3:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.11.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.12.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.12.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.12.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.12.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.12.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.12.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.12.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.12.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.13.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.13.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.13.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.13.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.2.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.4.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.3:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.4.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.6.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.7.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.8.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.9.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.9.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.9.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.9.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0782

reference_id

CVE-2016-0782

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0782

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt

reference_id

CVE-2016-0782-ANNOUNCEMENT.TXT

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt

reference_url

https://github.com/advisories/GHSA-8rcq-p4gh-vmj8

reference_id

GHSA-8rcq-p4gh-vmj8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8rcq-p4gh-vmj8

fixed_packages

url pkg:deb/debian/activemq@5.14.3-3

purl pkg:deb/debian/activemq@5.14.3-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18k1-3h2s-8uex

vulnerability	VCID-37ws-cqf7-4udm

vulnerability	VCID-5kmj-whmc-4bfa

vulnerability	VCID-6fqa-fzda-x3ej

vulnerability	VCID-9z4y-wq57-vyaf

vulnerability	VCID-a3nb-p5p6-zbf7

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-fb7w-5fvt-zqe3

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

vulnerability	VCID-xttf-9hx8-fbdb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.14.3-3

aliases CVE-2016-0782, GHSA-8rcq-p4gh-vmj8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brq9-y937-8faz

url VCID-nq1y-96n5-eugd

vulnerability_id VCID-nq1y-96n5-eugd

summary The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

references

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:28:15Z/

url

http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2036.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:28:15Z/

url

http://rhn.redhat.com/errata/RHSA-2016-2036.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3088.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3088.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3088

reference_id

reference_type

scores

value	0.94294
scoring_system	epss
scoring_elements	0.99943
published_at	2026-04-18T12:55:00Z

value	0.94294
scoring_system	epss
scoring_elements	0.99942
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3088

reference_url

https://github.com/apache/activemq/commit/3dd86d04e8b90ba309819317d19e7260d414d9e7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/3dd86d04e8b90ba309819317d19e7260d414d9e7

reference_url

https://issues.apache.org/jira/browse/AMQ-6276

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-6276

reference_url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:28:15Z/

url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a@%3Cusers.activemq.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a@%3Cusers.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:28:15Z/

url

https://lists.apache.org/thread.html/f956ea38e4da2e2c1e7131e6f91e41754852f5a4861d1a14ca5ca78a%40%3Cusers.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:28:15Z/

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_url

https://stackoverflow.com/questions/67140241/configuring-activemq-webconsole-to-redirect-http-to-https

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://stackoverflow.com/questions/67140241/configuring-activemq-webconsole-to-redirect-http-to-https

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3088

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-3088

reference_url

https://www.exploit-db.com/exploits/42283

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/42283

reference_url

https://www.exploit-db.com/exploits/42283/

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:28:15Z/

url

https://www.exploit-db.com/exploits/42283/

reference_url

http://www.securitytracker.com/id/1035951

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:28:15Z/

url

http://www.securitytracker.com/id/1035951

reference_url

http://www.zerodayinitiative.com/advisories/ZDI-16-356

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:28:15Z/

url

http://www.zerodayinitiative.com/advisories/ZDI-16-356

reference_url

http://www.zerodayinitiative.com/advisories/ZDI-16-357

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:28:15Z/

url

http://www.zerodayinitiative.com/advisories/ZDI-16-357

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1339318
reference_id	1339318
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1339318

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq::::::::
reference_id	cpe:2.3:a:apache:activemq::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq::::::::

reference_url	https://github.com/rapid7/metasploit-framework/blob/43d8c4c5e7450d46eba2f18e6e0b6ba70c6dc671/modules/exploits/multi/http/apache_activemq_upload_jsp.rb
reference_id	CVE-2016-3088
reference_type	exploit
scores
url	https://github.com/rapid7/metasploit-framework/blob/43d8c4c5e7450d46eba2f18e6e0b6ba70c6dc671/modules/exploits/multi/http/apache_activemq_upload_jsp.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/42283.rb
reference_id	CVE-2016-3088
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/remote/42283.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3088

reference_id

CVE-2016-3088

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3088

reference_url

https://github.com/advisories/GHSA-rxqh-fc23-gxp2

reference_id

GHSA-rxqh-fc23-gxp2

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rxqh-fc23-gxp2

reference_url	https://access.redhat.com/errata/RHSA-2015:1176
reference_id	RHSA-2015:1176
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1176

reference_url	https://access.redhat.com/errata/RHSA-2016:2036
reference_id	RHSA-2016:2036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2036

fixed_packages

url pkg:deb/debian/activemq@5.14.3-3

purl pkg:deb/debian/activemq@5.14.3-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18k1-3h2s-8uex

vulnerability	VCID-37ws-cqf7-4udm

vulnerability	VCID-5kmj-whmc-4bfa

vulnerability	VCID-6fqa-fzda-x3ej

vulnerability	VCID-9z4y-wq57-vyaf

vulnerability	VCID-a3nb-p5p6-zbf7

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-fb7w-5fvt-zqe3

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

vulnerability	VCID-xttf-9hx8-fbdb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.14.3-3

aliases CVE-2016-3088, GHSA-rxqh-fc23-gxp2

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nq1y-96n5-eugd

url VCID-pf5e-93cg-guav

vulnerability_id VCID-pf5e-93cg-guav

summary Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174371.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174537.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-0489.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-0489.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2035.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2035.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2036.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2036.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5254.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5254.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5254

reference_id

reference_type

scores

value	0.8038
scoring_system	epss
scoring_elements	0.99115
published_at	2026-04-02T12:55:00Z

value	0.8038
scoring_system	epss
scoring_elements	0.99114
published_at	2026-04-01T12:55:00Z

value	0.8038
scoring_system	epss
scoring_elements	0.99122
published_at	2026-04-08T12:55:00Z

value	0.8038
scoring_system	epss
scoring_elements	0.99123
published_at	2026-04-13T12:55:00Z

value	0.8038
scoring_system	epss
scoring_elements	0.99125
published_at	2026-04-16T12:55:00Z

value	0.8038
scoring_system	epss
scoring_elements	0.99126
published_at	2026-04-18T12:55:00Z

value	0.8038
scoring_system	epss
scoring_elements	0.99118
published_at	2026-04-04T12:55:00Z

value	0.8038
scoring_system	epss
scoring_elements	0.99121
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5254

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5254
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5254

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/6f03921b31d9fefeddb0f4fa63150ed1f94a14b

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/6f03921b31d9fefeddb0f4fa63150ed1f94a14b

reference_url

https://github.com/apache/activemq/commit/73a0caf758f9e4916783a205c7e422b4db27905

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/73a0caf758f9e4916783a205c7e422b4db27905

reference_url

https://github.com/apache/activemq/commit/7eb9b218b2705cf9273e30ee2da026e43b6dd4e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/7eb9b218b2705cf9273e30ee2da026e43b6dd4e

reference_url	https://github.com/apache/activemq/commit/a7e2a44fe8d4435ae99532eb0ab852e6247f7b16
reference_id
reference_type
scores
url	https://github.com/apache/activemq/commit/a7e2a44fe8d4435ae99532eb0ab852e6247f7b16

reference_url	https://github.com/apache/activemq/commit/d7a3b9406b8496c3f1508bebf3c7ff5367374b90
reference_id
reference_type
scores
url	https://github.com/apache/activemq/commit/d7a3b9406b8496c3f1508bebf3c7ff5367374b90

reference_url	https://github.com/apache/activemq/commit/e100638244c4ca5eb2a1f16bcdc671c9859c2694
reference_id
reference_type
scores
url	https://github.com/apache/activemq/commit/e100638244c4ca5eb2a1f16bcdc671c9859c2694

reference_url

https://github.com/apache/activemq/commit/e7a4b53f799685e337972dd36ba0253c04bcc01

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/e7a4b53f799685e337972dd36ba0253c04bcc01

reference_url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

reference_url

https://issues.apache.org/jira/browse/AMQ-6013

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-6013

reference_url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

reference_url

http://www.debian.org/security/2016/dsa-3524

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3524

reference_url

http://www.openwall.com/lists/oss-security/2015/12/08/6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/12/08/6

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1291292
reference_id	1291292
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1291292

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809733
reference_id	809733
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809733

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.0.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.1.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.10.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.10.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.11.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.12.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.12.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.12.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.12.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.12.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.2.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.3:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.4.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.6.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.7.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.8.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.9.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.9.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.9.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.9.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:::::::*
reference_id	cpe:2.3:a:redhat:openshift:2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift:2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5254

reference_id

CVE-2015-5254

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5254

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt

reference_id

CVE-2015-5254-ANNOUNCEMENT.TXT

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt

reference_url

https://github.com/advisories/GHSA-q9hr-3pg4-3jp4

reference_id

GHSA-q9hr-3pg4-3jp4

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q9hr-3pg4-3jp4

reference_url	https://access.redhat.com/errata/RHSA-2016:0489
reference_id	RHSA-2016:0489
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0489

reference_url	https://access.redhat.com/errata/RHSA-2016:2035
reference_id	RHSA-2016:2035
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2035

reference_url	https://access.redhat.com/errata/RHSA-2016:2036
reference_id	RHSA-2016:2036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2036

fixed_packages

url pkg:deb/debian/activemq@5.6.0%2Bdfsg1-4%2Bdeb8u3

purl pkg:deb/debian/activemq@5.6.0%2Bdfsg1-4%2Bdeb8u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18k1-3h2s-8uex

vulnerability	VCID-37ws-cqf7-4udm

vulnerability	VCID-5kmj-whmc-4bfa

vulnerability	VCID-6fqa-fzda-x3ej

vulnerability	VCID-9z4y-wq57-vyaf

vulnerability	VCID-a3nb-p5p6-zbf7

vulnerability	VCID-brq9-y937-8faz

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-fb7w-5fvt-zqe3

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-nq1y-96n5-eugd

vulnerability	VCID-pf5e-93cg-guav

vulnerability	VCID-q6zs-spcv-v7ey

vulnerability	VCID-uw15-q255-zbe8

vulnerability	VCID-xttf-9hx8-fbdb

vulnerability	VCID-y7sj-71h1-3qhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.6.0%252Bdfsg1-4%252Bdeb8u3

url pkg:deb/debian/activemq@5.14.3-3

purl pkg:deb/debian/activemq@5.14.3-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18k1-3h2s-8uex

vulnerability	VCID-37ws-cqf7-4udm

vulnerability	VCID-5kmj-whmc-4bfa

vulnerability	VCID-6fqa-fzda-x3ej

vulnerability	VCID-9z4y-wq57-vyaf

vulnerability	VCID-a3nb-p5p6-zbf7

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-fb7w-5fvt-zqe3

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

vulnerability	VCID-xttf-9hx8-fbdb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.14.3-3

aliases CVE-2015-5254, GHSA-q9hr-3pg4-3jp4

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pf5e-93cg-guav

url VCID-uw15-q255-zbe8

vulnerability_id VCID-uw15-q255-zbe8

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6810.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6810.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6810

reference_id

reference_type

scores

value	0.02149
scoring_system	epss
scoring_elements	0.84264
published_at	2026-04-18T12:55:00Z

value	0.02149
scoring_system	epss
scoring_elements	0.84171
published_at	2026-04-01T12:55:00Z

value	0.02149
scoring_system	epss
scoring_elements	0.84184
published_at	2026-04-02T12:55:00Z

value	0.02149
scoring_system	epss
scoring_elements	0.84202
published_at	2026-04-04T12:55:00Z

value	0.02149
scoring_system	epss
scoring_elements	0.84203
published_at	2026-04-07T12:55:00Z

value	0.02149
scoring_system	epss
scoring_elements	0.84225
published_at	2026-04-08T12:55:00Z

value	0.02149
scoring_system	epss
scoring_elements	0.84231
published_at	2026-04-09T12:55:00Z

value	0.02149
scoring_system	epss
scoring_elements	0.84249
published_at	2026-04-11T12:55:00Z

value	0.02149
scoring_system	epss
scoring_elements	0.84244
published_at	2026-04-12T12:55:00Z

value	0.02149
scoring_system	epss
scoring_elements	0.84241
published_at	2026-04-13T12:55:00Z

value	0.02149
scoring_system	epss
scoring_elements	0.84262
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6810

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6810
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6810

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/77b827f

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/77b827f

reference_url

https://github.com/apache/activemq/commit/c1157fe1f007ee2344a7f0badefa0794c98817cd

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/c1157fe1f007ee2344a7f0badefa0794c98817cd

reference_url

https://github.com/apache/activemq/commit/e16ed24

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/e16ed24

reference_url

https://issues.apache.org/jira/browse/AMQ-6468

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-6468

reference_url

https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc@%3Cusers.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc@%3Cusers.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc%40%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc%40%3Cusers.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_url	https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

reference_url	http://www.securityfocus.com/bid/94882
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/94882

reference_url	http://www.securitytracker.com/id/1037475
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1037475

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1404645
reference_id	1404645
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1404645

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq::::::::
reference_id	cpe:2.3:a:apache:activemq::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6810

reference_id

CVE-2016-6810

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6810

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt

reference_id

CVE-2016-6810-ANNOUNCEMENT.TXT

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt

reference_url

https://github.com/advisories/GHSA-5jg4-p78r-p5j3

reference_id

GHSA-5jg4-p78r-p5j3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5jg4-p78r-p5j3

fixed_packages

url pkg:deb/debian/activemq@5.14.3-3

purl pkg:deb/debian/activemq@5.14.3-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18k1-3h2s-8uex

vulnerability	VCID-37ws-cqf7-4udm

vulnerability	VCID-5kmj-whmc-4bfa

vulnerability	VCID-6fqa-fzda-x3ej

vulnerability	VCID-9z4y-wq57-vyaf

vulnerability	VCID-a3nb-p5p6-zbf7

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-fb7w-5fvt-zqe3

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

vulnerability	VCID-xttf-9hx8-fbdb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.14.3-3

aliases CVE-2016-6810, GHSA-5jg4-p78r-p5j3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uw15-q255-zbe8

url VCID-y7sj-71h1-3qhr

vulnerability_id VCID-y7sj-71h1-3qhr

summary It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7559.json

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7559.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7559

reference_id

reference_type

scores

value	0.00082
scoring_system	epss
scoring_elements	0.24062
published_at	2026-04-18T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24074
published_at	2026-04-16T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24061
published_at	2026-04-13T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24118
published_at	2026-04-12T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24208
published_at	2026-04-02T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24078
published_at	2026-04-01T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24244
published_at	2026-04-04T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.2416
published_at	2026-04-11T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24143
published_at	2026-04-09T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.24097
published_at	2026-04-08T12:55:00Z

value	0.00082
scoring_system	epss
scoring_elements	0.2403
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7559

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7559

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7559
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7559

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url	https://github.com/apache/activemq/commit/338a74dfa42a7b19d39adecacfa5f626a050e807
reference_id
reference_type
scores
url	https://github.com/apache/activemq/commit/338a74dfa42a7b19d39adecacfa5f626a050e807

reference_url

https://github.com/apache/activemq/commit/b8fc78ec6c367cbe2a40a674eaec64ac3d7d1ec

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/b8fc78ec6c367cbe2a40a674eaec64ac3d7d1ec

reference_url

https://issues.apache.org/jira/browse/AMQ-6470

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-6470

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7559

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7559

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1293972
reference_id	1293972
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1293972

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860866
reference_id	860866
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860866

reference_url

https://github.com/advisories/GHSA-jvpp-hxjj-5ccc

reference_id

GHSA-jvpp-hxjj-5ccc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jvpp-hxjj-5ccc

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

fixed_packages

url pkg:deb/debian/activemq@5.14.3-3

purl pkg:deb/debian/activemq@5.14.3-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-18k1-3h2s-8uex

vulnerability	VCID-37ws-cqf7-4udm

vulnerability	VCID-5kmj-whmc-4bfa

vulnerability	VCID-6fqa-fzda-x3ej

vulnerability	VCID-9z4y-wq57-vyaf

vulnerability	VCID-a3nb-p5p6-zbf7

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-fb7w-5fvt-zqe3

vulnerability	VCID-k4jb-36cp-1fc4

vulnerability	VCID-q6zs-spcv-v7ey

vulnerability	VCID-xttf-9hx8-fbdb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.14.3-3

aliases CVE-2015-7559, GHSA-jvpp-hxjj-5ccc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y7sj-71h1-3qhr

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/activemq@5.14.3-3

Package Instance