Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.activemq/activemq-jaas@5.7.0
Typemaven
Namespaceorg.apache.activemq
Nameactivemq-jaas
Version5.7.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.16.7
Latest_non_vulnerable_version5.18.3
Affected_by_vulnerabilities
0
url VCID-37ws-cqf7-4udm
vulnerability_id VCID-37ws-cqf7-4udm
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13947
reference_id
reference_type
scores
0
value 0.04029
scoring_system epss
scoring_elements 0.88498
published_at 2026-04-21T12:55:00Z
1
value 0.04029
scoring_system epss
scoring_elements 0.88504
published_at 2026-04-16T12:55:00Z
2
value 0.04029
scoring_system epss
scoring_elements 0.88435
published_at 2026-04-01T12:55:00Z
3
value 0.04029
scoring_system epss
scoring_elements 0.885
published_at 2026-04-18T12:55:00Z
4
value 0.04029
scoring_system epss
scoring_elements 0.88489
published_at 2026-04-13T12:55:00Z
5
value 0.04029
scoring_system epss
scoring_elements 0.8849
published_at 2026-04-12T12:55:00Z
6
value 0.04029
scoring_system epss
scoring_elements 0.88497
published_at 2026-04-11T12:55:00Z
7
value 0.04029
scoring_system epss
scoring_elements 0.88487
published_at 2026-04-09T12:55:00Z
8
value 0.04029
scoring_system epss
scoring_elements 0.88481
published_at 2026-04-08T12:55:00Z
9
value 0.04029
scoring_system epss
scoring_elements 0.88462
published_at 2026-04-07T12:55:00Z
10
value 0.04029
scoring_system epss
scoring_elements 0.88459
published_at 2026-04-04T12:55:00Z
11
value 0.04029
scoring_system epss
scoring_elements 0.88443
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13947
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947
2
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
3
reference_url https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80
4
reference_url https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1
5
reference_url https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E
8
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
9
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13947
reference_id CVE-2020-13947
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13947
11
reference_url http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt
reference_id CVE-2020-13947-ANNOUNCEMENT.TXT
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt
12
reference_url https://github.com/advisories/GHSA-66gw-ch5v-74v8
reference_id GHSA-66gw-ch5v-74v8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66gw-ch5v-74v8
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-jaas@5.15.14
purl pkg:maven/org.apache.activemq/activemq-jaas@5.15.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f5x2-zvxa-yba5
1
vulnerability VCID-k4jb-36cp-1fc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.15.14
1
url pkg:maven/org.apache.activemq/activemq-jaas@5.16.1
purl pkg:maven/org.apache.activemq/activemq-jaas@5.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f5x2-zvxa-yba5
1
vulnerability VCID-k4jb-36cp-1fc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.16.1
aliases CVE-2020-13947, GHSA-66gw-ch5v-74v8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37ws-cqf7-4udm
1
url VCID-f5x2-zvxa-yba5
vulnerability_id VCID-f5x2-zvxa-yba5
summary 
False positive
This advisory has been marked as a false positive.
references
0
reference_url http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46604
reference_id
reference_type
scores
0
value 0.94436
scoring_system epss
scoring_elements 0.99987
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46604
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
4
reference_url http://seclists.org/fulldisclosure/2024/Apr/18
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url http://seclists.org/fulldisclosure/2024/Apr/18
5
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
6
reference_url https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc
7
reference_url https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d
8
reference_url https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f
9
reference_url https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436
10
reference_url https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0
11
reference_url https://github.com/apache/activemq/pull/1098
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/pull/1098
12
reference_url https://issues.apache.org/jira/browse/AMQ-9370
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/AMQ-9370
13
reference_url https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html
14
reference_url https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html
15
reference_url https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
16
reference_url https://security.netapp.com/advisory/ntap-20231110-0010
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231110-0010
17
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604
18
reference_url https://www.openwall.com/lists/oss-security/2023/10/27/5
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url https://www.openwall.com/lists/oss-security/2023/10/27/5
19
reference_url http://www.openwall.com/lists/oss-security/2023/10/27/5
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/10/27/5
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909
reference_id 1054909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246645
reference_id 2246645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246645
22
reference_url https://activemq.apache.org/security-advisories.data/CVE-2023-46604
reference_id CVE-2023-46604
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://activemq.apache.org/security-advisories.data/CVE-2023-46604
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46604
reference_id CVE-2023-46604
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46604
24
reference_url https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
reference_id CVE-2023-46604-ANNOUNCEMENT.TXT
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
25
reference_url https://github.com/advisories/GHSA-crg9-44h2-xw35
reference_id GHSA-crg9-44h2-xw35
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crg9-44h2-xw35
26
reference_url https://security.netapp.com/advisory/ntap-20231110-0010/
reference_id ntap-20231110-0010
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/
url https://security.netapp.com/advisory/ntap-20231110-0010/
27
reference_url https://access.redhat.com/errata/RHSA-2023:6849
reference_id RHSA-2023:6849
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6849
28
reference_url https://access.redhat.com/errata/RHSA-2023:6866
reference_id RHSA-2023:6866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6866
29
reference_url https://access.redhat.com/errata/RHSA-2023:6877
reference_id RHSA-2023:6877
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6877
30
reference_url https://access.redhat.com/errata/RHSA-2023:6878
reference_id RHSA-2023:6878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6878
31
reference_url https://access.redhat.com/errata/RHSA-2023:6879
reference_id RHSA-2023:6879
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6879
32
reference_url https://usn.ubuntu.com/6910-1/
reference_id USN-6910-1
reference_type
scores
url https://usn.ubuntu.com/6910-1/
33
reference_url https://usn.ubuntu.com/7268-1/
reference_id USN-7268-1
reference_type
scores
url https://usn.ubuntu.com/7268-1/
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-jaas@5.15.16
purl pkg:maven/org.apache.activemq/activemq-jaas@5.15.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k4jb-36cp-1fc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.15.16
1
url pkg:maven/org.apache.activemq/activemq-jaas@5.16.7
purl pkg:maven/org.apache.activemq/activemq-jaas@5.16.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.16.7
2
url pkg:maven/org.apache.activemq/activemq-jaas@5.17.6
purl pkg:maven/org.apache.activemq/activemq-jaas@5.17.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.17.6
3
url pkg:maven/org.apache.activemq/activemq-jaas@5.18.3
purl pkg:maven/org.apache.activemq/activemq-jaas@5.18.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.18.3
aliases CVE-2023-46604, GHSA-crg9-44h2-xw35
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f5x2-zvxa-yba5
2
url VCID-gxt8-xcsg-3kes
vulnerability_id VCID-gxt8-xcsg-3kes
summary The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-0137.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0137.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-0138.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0138.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3612.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3612.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3612
reference_id
reference_type
scores
0
value 0.00705
scoring_system epss
scoring_elements 0.72127
published_at 2026-04-21T12:55:00Z
1
value 0.00705
scoring_system epss
scoring_elements 0.72075
published_at 2026-04-04T12:55:00Z
2
value 0.00705
scoring_system epss
scoring_elements 0.72051
published_at 2026-04-07T12:55:00Z
3
value 0.00705
scoring_system epss
scoring_elements 0.72088
published_at 2026-04-08T12:55:00Z
4
value 0.00705
scoring_system epss
scoring_elements 0.721
published_at 2026-04-09T12:55:00Z
5
value 0.00705
scoring_system epss
scoring_elements 0.72122
published_at 2026-04-11T12:55:00Z
6
value 0.00705
scoring_system epss
scoring_elements 0.72107
published_at 2026-04-12T12:55:00Z
7
value 0.00705
scoring_system epss
scoring_elements 0.72093
published_at 2026-04-13T12:55:00Z
8
value 0.00705
scoring_system epss
scoring_elements 0.72133
published_at 2026-04-16T12:55:00Z
9
value 0.00705
scoring_system epss
scoring_elements 0.72141
published_at 2026-04-18T12:55:00Z
10
value 0.00705
scoring_system epss
scoring_elements 0.72048
published_at 2026-04-01T12:55:00Z
11
value 0.00705
scoring_system epss
scoring_elements 0.72054
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3612
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3612
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3612
5
reference_url http://seclists.org/oss-sec/2015/q1/427
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2015/q1/427
6
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
7
reference_url https://github.com/apache/activemq/commit/0b5231ada5ce365b41832ba8752ee210145d1cbe
reference_id
reference_type
scores
url https://github.com/apache/activemq/commit/0b5231ada5ce365b41832ba8752ee210145d1cbe
8
reference_url https://github.com/apache/activemq/commit/22f2f3dde757d31307da772d579815c1d169bc39
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/22f2f3dde757d31307da772d579815c1d169bc39
9
reference_url https://issues.apache.org/jira/browse/AMQ-5345
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/AMQ-5345
10
reference_url https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
12
reference_url http://www.securityfocus.com/bid/72513
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/72513
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1135912
reference_id 1135912
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1135912
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777196
reference_id 777196
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777196
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3612
reference_id CVE-2014-3612
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3612
16
reference_url http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
reference_id CVE-2014-3612-ANNOUNCEMENT.TXT
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
17
reference_url https://github.com/advisories/GHSA-72m6-23ff-7q26
reference_id GHSA-72m6-23ff-7q26
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72m6-23ff-7q26
18
reference_url https://access.redhat.com/errata/RHSA-2015:0137
reference_id RHSA-2015:0137
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0137
19
reference_url https://access.redhat.com/errata/RHSA-2015:0138
reference_id RHSA-2015:0138
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0138
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-jaas@5.10.1
purl pkg:maven/org.apache.activemq/activemq-jaas@5.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37ws-cqf7-4udm
1
vulnerability VCID-f5x2-zvxa-yba5
2
vulnerability VCID-k4jb-36cp-1fc4
3
vulnerability VCID-rkj1-fqpn-cyfk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.10.1
aliases CVE-2014-3612, GHSA-72m6-23ff-7q26
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxt8-xcsg-3kes
3
url VCID-k4jb-36cp-1fc4
vulnerability_id VCID-k4jb-36cp-1fc4
summary 
False positive
This advisory has been marked as a false positive.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41678
reference_id
reference_type
scores
0
value 0.9303
scoring_system epss
scoring_elements 0.99786
published_at 2026-04-21T12:55:00Z
1
value 0.93623
scoring_system epss
scoring_elements 0.99838
published_at 2026-04-12T12:55:00Z
2
value 0.93623
scoring_system epss
scoring_elements 0.99837
published_at 2026-04-04T12:55:00Z
3
value 0.93623
scoring_system epss
scoring_elements 0.99839
published_at 2026-04-13T12:55:00Z
4
value 0.93623
scoring_system epss
scoring_elements 0.9984
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41678
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678
3
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
4
reference_url https://github.com/apache/activemq/commit/5c8d457d9
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/5c8d457d9
5
reference_url https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2
6
reference_url https://github.com/apache/activemq/commit/bf65929fd
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/bf65929fd
7
reference_url https://github.com/apache/activemq/commit/d8ce1d9ff
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/d8ce1d9ff
8
reference_url https://github.com/apache/activemq/pull/958
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/pull/958
9
reference_url https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl
10
reference_url https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html
11
reference_url https://security.netapp.com/advisory/ntap-20240216-0004
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240216-0004
12
reference_url https://www.openwall.com/lists/oss-security/2023/11/28/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/11/28/1
13
reference_url http://www.openwall.com/lists/oss-security/2023/11/28/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/28/1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252185
reference_id 2252185
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252185
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41678
reference_id CVE-2022-41678
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41678
16
reference_url https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
reference_id CVE-2022-41678-ANNOUNCEMENT.TXT
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt
17
reference_url https://github.com/advisories/GHSA-53v4-42fg-g287
reference_id GHSA-53v4-42fg-g287
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-53v4-42fg-g287
18
reference_url https://access.redhat.com/errata/RHSA-2024:2944
reference_id RHSA-2024:2944
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2944
19
reference_url https://usn.ubuntu.com/6910-1/
reference_id USN-6910-1
reference_type
scores
url https://usn.ubuntu.com/6910-1/
20
reference_url https://usn.ubuntu.com/7268-1/
reference_id USN-7268-1
reference_type
scores
url https://usn.ubuntu.com/7268-1/
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-jaas@5.16.6
purl pkg:maven/org.apache.activemq/activemq-jaas@5.16.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f5x2-zvxa-yba5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.16.6
1
url pkg:maven/org.apache.activemq/activemq-jaas@5.17.4
purl pkg:maven/org.apache.activemq/activemq-jaas@5.17.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-f5x2-zvxa-yba5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.17.4
aliases CVE-2022-41678, GHSA-53v4-42fg-g287
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4jb-36cp-1fc4
4
url VCID-rkj1-fqpn-cyfk
vulnerability_id VCID-rkj1-fqpn-cyfk
summary The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168094.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168651.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6524.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6524.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-6524
reference_id
reference_type
scores
0
value 0.01167
scoring_system epss
scoring_elements 0.78665
published_at 2026-04-21T12:55:00Z
1
value 0.01167
scoring_system epss
scoring_elements 0.78648
published_at 2026-04-12T12:55:00Z
2
value 0.01167
scoring_system epss
scoring_elements 0.78641
published_at 2026-04-13T12:55:00Z
3
value 0.01167
scoring_system epss
scoring_elements 0.7867
published_at 2026-04-16T12:55:00Z
4
value 0.01167
scoring_system epss
scoring_elements 0.78668
published_at 2026-04-18T12:55:00Z
5
value 0.01167
scoring_system epss
scoring_elements 0.78591
published_at 2026-04-01T12:55:00Z
6
value 0.01167
scoring_system epss
scoring_elements 0.78598
published_at 2026-04-02T12:55:00Z
7
value 0.01167
scoring_system epss
scoring_elements 0.78629
published_at 2026-04-04T12:55:00Z
8
value 0.01167
scoring_system epss
scoring_elements 0.7861
published_at 2026-04-07T12:55:00Z
9
value 0.01167
scoring_system epss
scoring_elements 0.78635
published_at 2026-04-08T12:55:00Z
10
value 0.01167
scoring_system epss
scoring_elements 0.78642
published_at 2026-04-09T12:55:00Z
11
value 0.01167
scoring_system epss
scoring_elements 0.78667
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-6524
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6524
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6524
5
reference_url https://github.com/apache/activemq
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq
6
reference_url https://github.com/apache/activemq/commit/0b5231ada5ce365b41832ba8752ee210145d1cbe
reference_id
reference_type
scores
url https://github.com/apache/activemq/commit/0b5231ada5ce365b41832ba8752ee210145d1cbe
7
reference_url https://github.com/apache/activemq/commit/22f2f3dde757d31307da772d579815c1d169bc39
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/activemq/commit/22f2f3dde757d31307da772d579815c1d169bc39
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1257246
reference_id 1257246
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1257246
9
reference_url http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
reference_id CVE-2014-3612-ANNOUNCEMENT.TXT
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-6524
reference_id CVE-2015-6524
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-6524
11
reference_url https://github.com/advisories/GHSA-23cr-5hr4-rgwv
reference_id GHSA-23cr-5hr4-rgwv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23cr-5hr4-rgwv
fixed_packages
0
url pkg:maven/org.apache.activemq/activemq-jaas@5.10.2
purl pkg:maven/org.apache.activemq/activemq-jaas@5.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37ws-cqf7-4udm
1
vulnerability VCID-f5x2-zvxa-yba5
2
vulnerability VCID-k4jb-36cp-1fc4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.10.2
aliases CVE-2015-6524, GHSA-23cr-5hr4-rgwv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rkj1-fqpn-cyfk
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-jaas@5.7.0