Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.activemq/activemq-core@5.2.0

Type maven

Namespace org.apache.activemq

Name activemq-core

Version 5.2.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-37ws-cqf7-4udm

vulnerability_id VCID-37ws-cqf7-4udm

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13947

reference_id

reference_type

scores

value	0.04029
scoring_system	epss
scoring_elements	0.88498
published_at	2026-04-21T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88504
published_at	2026-04-16T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88435
published_at	2026-04-01T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.885
published_at	2026-04-18T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88489
published_at	2026-04-13T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.8849
published_at	2026-04-12T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88497
published_at	2026-04-11T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88487
published_at	2026-04-09T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88481
published_at	2026-04-08T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88462
published_at	2026-04-07T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88459
published_at	2026-04-04T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88443
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13947

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80

reference_url

https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1

reference_url

https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13947

reference_id

CVE-2020-13947

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13947

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt

reference_id

CVE-2020-13947-ANNOUNCEMENT.TXT

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt

reference_url

https://github.com/advisories/GHSA-66gw-ch5v-74v8

reference_id

GHSA-66gw-ch5v-74v8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-66gw-ch5v-74v8

fixed_packages

url	pkg:maven/org.apache.activemq/activemq-core@5.15.14
purl	pkg:maven/org.apache.activemq/activemq-core@5.15.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.15.14

url	pkg:maven/org.apache.activemq/activemq-core@5.16.1
purl	pkg:maven/org.apache.activemq/activemq-core@5.16.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.16.1

aliases CVE-2020-13947, GHSA-66gw-ch5v-74v8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37ws-cqf7-4udm

url VCID-a3nb-p5p6-zbf7

vulnerability_id VCID-a3nb-p5p6-zbf7

summary

Missing Authentication for Critical Function
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13920.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13920.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13920

reference_id

reference_type

scores

value	0.00174
scoring_system	epss
scoring_elements	0.3883
published_at	2026-04-16T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38785
published_at	2026-04-13T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38813
published_at	2026-04-12T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38849
published_at	2026-04-11T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38728
published_at	2026-04-21T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38837
published_at	2026-04-09T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38826
published_at	2026-04-08T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38808
published_at	2026-04-18T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39514
published_at	2026-04-02T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39352
published_at	2026-04-01T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39451
published_at	2026-04-07T12:55:00Z

value	0.00179
scoring_system	epss
scoring_elements	0.39537
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13920

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13920
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13920

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/359ae4b

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/359ae4b

reference_url

https://github.com/apache/activemq/commit/48cd61d

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/48cd61d

reference_url

https://github.com/apache/activemq/commit/58382283330f7c7b110c7afd8ef4ca2648786532

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/58382283330f7c7b110c7afd8ef4ca2648786532

reference_url

https://github.com/apache/activemq/commit/b7dca5e

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/b7dca5e

reference_url

https://issues.apache.org/jira/browse/AMQ-7400

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-7400

reference_url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1880101
reference_id	1880101
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1880101

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13920

reference_id

CVE-2020-13920

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13920

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt

reference_id

CVE-2020-13920-ANNOUNCEMENT.TXT

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt

reference_url

https://github.com/advisories/GHSA-xgrx-xpv2-6vp4

reference_id

GHSA-xgrx-xpv2-6vp4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xgrx-xpv2-6vp4

reference_url	https://access.redhat.com/errata/RHSA-2021:3205
reference_id	RHSA-2021:3205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3205

reference_url	https://access.redhat.com/errata/RHSA-2021:3207
reference_id	RHSA-2021:3207
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3207

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

fixed_packages

url	pkg:maven/org.apache.activemq/activemq-core@5.15.12
purl	pkg:maven/org.apache.activemq/activemq-core@5.15.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.15.12

aliases CVE-2020-13920, GHSA-xgrx-xpv2-6vp4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a3nb-p5p6-zbf7

url VCID-a7j9-mzvg-cycr

vulnerability_id VCID-a7j9-mzvg-cycr

summary Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1029.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1029.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1880.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1880.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1880

reference_id

reference_type

scores

value	0.01367
scoring_system	epss
scoring_elements	0.8023
published_at	2026-04-21T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.80188
published_at	2026-04-08T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.80196
published_at	2026-04-09T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.80216
published_at	2026-04-11T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.80202
published_at	2026-04-12T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.80197
published_at	2026-04-13T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.80226
published_at	2026-04-16T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.80227
published_at	2026-04-18T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.80145
published_at	2026-04-01T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.80152
published_at	2026-04-02T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.80172
published_at	2026-04-04T12:55:00Z

value	0.01367
scoring_system	epss
scoring_elements	0.8016
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1880

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=924447

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=924447

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/fafd12dfd4f71336f8e32c090d40ed1445959b40

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/fafd12dfd4f71336f8e32c090d40ed1445959b40

reference_url

https://issues.apache.org/jira/browse/AMQ-4398

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-4398

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1880

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1880

reference_url

http://www.securityfocus.com/bid/65615

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/65615

reference_url

https://github.com/advisories/GHSA-c9gx-27hq-wcvj

reference_id

GHSA-c9gx-27hq-wcvj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c9gx-27hq-wcvj

reference_url	https://access.redhat.com/errata/RHSA-2013:1029
reference_id	RHSA-2013:1029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1029

fixed_packages

url	pkg:maven/org.apache.activemq/activemq-core@5.9.0
purl	pkg:maven/org.apache.activemq/activemq-core@5.9.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.9.0

aliases CVE-2013-1880, GHSA-c9gx-27hq-wcvj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7j9-mzvg-cycr

url VCID-anw6-f8f2-q3hx

vulnerability_id VCID-anw6-f8f2-q3hx

summary Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

references

reference_url

http://activemq.apache.org/activemq-580-release.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/activemq-580-release.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1029.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1029.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6092.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6092.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6092

reference_id

reference_type

scores

value	0.02575
scoring_system	epss
scoring_elements	0.85576
published_at	2026-04-21T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85509
published_at	2026-04-04T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85514
published_at	2026-04-07T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85534
published_at	2026-04-08T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85543
published_at	2026-04-09T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85557
published_at	2026-04-11T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85555
published_at	2026-04-12T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85551
published_at	2026-04-13T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85574
published_at	2026-04-16T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85579
published_at	2026-04-18T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85481
published_at	2026-04-01T12:55:00Z

value	0.02575
scoring_system	epss
scoring_elements	0.85493
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6092

reference_url

https://fisheye6.atlassian.com/changelog/activemq?cs=1399577

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://fisheye6.atlassian.com/changelog/activemq?cs=1399577

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/51eb87a84be88d28383ea48f6e341ffe1203c5ba

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/51eb87a84be88d28383ea48f6e341ffe1203c5ba

reference_url

https://issues.apache.org/jira/browse/AMQ-4115

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-4115

reference_url

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282

reference_url

http://www.securityfocus.com/bid/59400

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/59400

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=955906
reference_id	955906
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=955906

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq::::::::
reference_id	cpe:2.3:a:apache:activemq::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:4.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:m4::::::
reference_id	cpe:2.3:a:apache:activemq:4.0:m4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:m4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:rc2::::::
reference_id	cpe:2.3:a:apache:activemq:4.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.1.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:4.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.1.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.0.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.1.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.2.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.2:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.4.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.1:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.6.0:::::::*
reference_id	cpe:2.3:a:apache:activemq:5.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6092

reference_id

CVE-2012-6092

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6092

reference_url

https://github.com/advisories/GHSA-rp9p-863f-9c4h

reference_id

GHSA-rp9p-863f-9c4h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rp9p-863f-9c4h

reference_url	https://access.redhat.com/errata/RHSA-2013:1029
reference_id	RHSA-2013:1029
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1029

fixed_packages

url	pkg:maven/org.apache.activemq/activemq-core@5.8.0
purl	pkg:maven/org.apache.activemq/activemq-core@5.8.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.8.0

aliases CVE-2012-6092, GHSA-rp9p-863f-9c4h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-anw6-f8f2-q3hx

url VCID-cuhh-zgq5-n3gr

vulnerability_id VCID-cuhh-zgq5-n3gr

summary Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

references

reference_url

http://openwall.com/lists/oss-security/2011/12/25/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2011/12/25/2

reference_url

http://openwall.com/lists/oss-security/2011/12/25/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2011/12/25/6

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4905.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4905.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-4905

reference_id

reference_type

scores

value	0.12504
scoring_system	epss
scoring_elements	0.93954
published_at	2026-04-21T12:55:00Z

value	0.12504
scoring_system	epss
scoring_elements	0.93889
published_at	2026-04-01T12:55:00Z

value	0.12504
scoring_system	epss
scoring_elements	0.93898
published_at	2026-04-02T12:55:00Z

value	0.12504
scoring_system	epss
scoring_elements	0.93907
published_at	2026-04-04T12:55:00Z

value	0.12504
scoring_system	epss
scoring_elements	0.9391
published_at	2026-04-07T12:55:00Z

value	0.12504
scoring_system	epss
scoring_elements	0.9392
published_at	2026-04-08T12:55:00Z

value	0.12504
scoring_system	epss
scoring_elements	0.93923
published_at	2026-04-09T12:55:00Z

value	0.12504
scoring_system	epss
scoring_elements	0.93927
published_at	2026-04-13T12:55:00Z

value	0.12504
scoring_system	epss
scoring_elements	0.93948
published_at	2026-04-16T12:55:00Z

value	0.12504
scoring_system	epss
scoring_elements	0.93953
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-4905

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4905
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4905

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/3a71f8e33d0309cb0ca5b5758a8f251da205e757

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/3a71f8e33d0309cb0ca5b5758a8f251da205e757

reference_url

https://github.com/apache/activemq/commit/9df9d3e89140b7329654ad5675259ec6f0c4b3a7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/9df9d3e89140b7329654ad5675259ec6f0c4b3a7

reference_url

https://github.com/apache/activemq/commit/da7f9962c640666a743675085922bf75a656f81b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/da7f9962c640666a743675085922bf75a656f81b

reference_url

https://issues.apache.org/jira/browse/AMQ-1928

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-1928

reference_url

https://issues.apache.org/jira/browse/AMQ-3294

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-3294

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-4905

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-4905

reference_url

http://svn.apache.org/viewvc?view=revision&revision=1209700

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://svn.apache.org/viewvc?view=revision&revision=1209700

reference_url

http://svn.apache.org/viewvc?view=revision&revision=1211844

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://svn.apache.org/viewvc?view=revision&revision=1211844

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655495
reference_id	655495
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655495

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=769770
reference_id	769770
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=769770

reference_url

https://github.com/advisories/GHSA-9wcx-326r-7j7w

reference_id

GHSA-9wcx-326r-7j7w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9wcx-326r-7j7w

fixed_packages

url pkg:maven/org.apache.activemq/activemq-core@5.6.0

purl pkg:maven/org.apache.activemq/activemq-core@5.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-37ws-cqf7-4udm

vulnerability	VCID-a3nb-p5p6-zbf7

vulnerability	VCID-a7j9-mzvg-cycr

vulnerability	VCID-anw6-f8f2-q3hx

vulnerability	VCID-f5x2-zvxa-yba5

vulnerability	VCID-k4jb-36cp-1fc4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.6.0

aliases CVE-2011-4905, GHSA-9wcx-326r-7j7w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cuhh-zgq5-n3gr

url

VCID-f5x2-zvxa-yba5

vulnerability_id

VCID-f5x2-zvxa-yba5

summary

False positive
This advisory has been marked as a false positive.

references

reference_url

http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46604

reference_id

reference_type

scores

value	0.94436
scoring_system	epss
scoring_elements	0.99987
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604

reference_url

http://seclists.org/fulldisclosure/2024/Apr/18

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

http://seclists.org/fulldisclosure/2024/Apr/18

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc

reference_url

https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d

reference_url

https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f

reference_url

https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436

reference_url

https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0

reference_url

https://github.com/apache/activemq/pull/1098

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/pull/1098

reference_url

https://issues.apache.org/jira/browse/AMQ-9370

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-9370

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_url

https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_url

https://security.netapp.com/advisory/ntap-20231110-0010

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231110-0010

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604

reference_url

https://www.openwall.com/lists/oss-security/2023/10/27/5

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://www.openwall.com/lists/oss-security/2023/10/27/5

reference_url

http://www.openwall.com/lists/oss-security/2023/10/27/5

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/10/27/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909
reference_id	1054909
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2246645
reference_id	2246645
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2246645

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604

reference_id

CVE-2023-46604

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-46604

reference_id

CVE-2023-46604

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-46604

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt

reference_id

CVE-2023-46604-ANNOUNCEMENT.TXT

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt

reference_url

https://github.com/advisories/GHSA-crg9-44h2-xw35

reference_id

GHSA-crg9-44h2-xw35

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-crg9-44h2-xw35

reference_url

https://security.netapp.com/advisory/ntap-20231110-0010/

reference_id

ntap-20231110-0010

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://security.netapp.com/advisory/ntap-20231110-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:6849
reference_id	RHSA-2023:6849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6849

reference_url	https://access.redhat.com/errata/RHSA-2023:6866
reference_id	RHSA-2023:6866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6866

reference_url	https://access.redhat.com/errata/RHSA-2023:6877
reference_id	RHSA-2023:6877
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6877

reference_url	https://access.redhat.com/errata/RHSA-2023:6878
reference_id	RHSA-2023:6878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6878

reference_url	https://access.redhat.com/errata/RHSA-2023:6879
reference_id	RHSA-2023:6879
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6879

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

reference_url	https://usn.ubuntu.com/7268-1/
reference_id	USN-7268-1
reference_type
scores
url	https://usn.ubuntu.com/7268-1/

fixed_packages

aliases

CVE-2023-46604, GHSA-crg9-44h2-xw35

risk_score

10.0

exploitability

2.0

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-f5x2-zvxa-yba5

url

VCID-k4jb-36cp-1fc4

vulnerability_id

VCID-k4jb-36cp-1fc4

summary

False positive
This advisory has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41678

reference_id

reference_type

scores

value	0.9303
scoring_system	epss
scoring_elements	0.99786
published_at	2026-04-21T12:55:00Z

value	0.93623
scoring_system	epss
scoring_elements	0.99838
published_at	2026-04-12T12:55:00Z

value	0.93623
scoring_system	epss
scoring_elements	0.99837
published_at	2026-04-04T12:55:00Z

value	0.93623
scoring_system	epss
scoring_elements	0.99839
published_at	2026-04-13T12:55:00Z

value	0.93623
scoring_system	epss
scoring_elements	0.9984
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41678

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/5c8d457d9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/5c8d457d9

reference_url

https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2

reference_url

https://github.com/apache/activemq/commit/bf65929fd

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/bf65929fd

reference_url

https://github.com/apache/activemq/commit/d8ce1d9ff

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/d8ce1d9ff

reference_url

https://github.com/apache/activemq/pull/958

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/pull/958

reference_url

https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_url

https://security.netapp.com/advisory/ntap-20240216-0004

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240216-0004

reference_url

https://www.openwall.com/lists/oss-security/2023/11/28/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2023/11/28/1

reference_url

http://www.openwall.com/lists/oss-security/2023/11/28/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/11/28/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252185
reference_id	2252185
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252185

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-41678

reference_id

CVE-2022-41678

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-41678

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt

reference_id

CVE-2022-41678-ANNOUNCEMENT.TXT

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt

reference_url

https://github.com/advisories/GHSA-53v4-42fg-g287

reference_id

GHSA-53v4-42fg-g287

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-53v4-42fg-g287

reference_url	https://access.redhat.com/errata/RHSA-2024:2944
reference_id	RHSA-2024:2944
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2944

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

reference_url	https://usn.ubuntu.com/7268-1/
reference_id	USN-7268-1
reference_type
scores
url	https://usn.ubuntu.com/7268-1/

fixed_packages

aliases

CVE-2022-41678, GHSA-53v4-42fg-g287

risk_score

10.0

exploitability

2.0

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-k4jb-36cp-1fc4

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.2.0

Package Instance