Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.activemq/activemq-broker@5.13.4

Type maven

Namespace org.apache.activemq

Name activemq-broker

Version 5.13.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.19.6

Latest_non_vulnerable_version 6.2.5

Affected_by_vulnerabilities

url VCID-1sr8-4fyh-3qgh

vulnerability_id VCID-1sr8-4fyh-3qgh

summary Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations on all ActiveMQ MBeans (org.apache.activemq:*), including BrokerService.addNetworkConnector(String) and BrokerService.addConnector(String). An authenticated attacker can invoke these operations with a crafted discovery URI that triggers the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ All: before 5.19.4, from 6.0.0 before 6.2.3; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.3. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34197.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34197.json

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-04-17T03:55:13Z/

url

https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34197

reference_id

reference_type

scores

value	0.83461
scoring_system	epss
scoring_elements	0.99296
published_at	2026-06-09T12:55:00Z

value	0.83461
scoring_system	epss
scoring_elements	0.99295
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34197

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-34197

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-34197

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34197

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-34197

reference_url

http://www.openwall.com/lists/oss-security/2026/04/06/3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/06/3

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id	1136024
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2455869
reference_id	2455869
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2455869

reference_url

https://github.com/advisories/GHSA-rxpj-7qvf-xv32

reference_id

GHSA-rxpj-7qvf-xv32

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rxpj-7qvf-xv32

fixed_packages

url pkg:maven/org.apache.activemq/activemq-broker@5.19.5

purl pkg:maven/org.apache.activemq/activemq-broker@5.19.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.19.5

url pkg:maven/org.apache.activemq/activemq-broker@6.2.3

purl pkg:maven/org.apache.activemq/activemq-broker@6.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@6.2.3

aliases CVE-2026-34197, GHSA-rxpj-7qvf-xv32

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1sr8-4fyh-3qgh

url VCID-3vsc-q337-rqcm

vulnerability_id VCID-3vsc-q337-rqcm

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13947

reference_id

reference_type

scores

value	0.04029
scoring_system	epss
scoring_elements	0.88726
published_at	2026-06-09T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.8871
published_at	2026-06-07T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88694
published_at	2026-06-04T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88709
published_at	2026-06-08T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88712
published_at	2026-06-06T12:55:00Z

value	0.04029
scoring_system	epss
scoring_elements	0.88711
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13947

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80

reference_url

https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1

reference_url

https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13947

reference_id

CVE-2020-13947

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13947

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt

reference_id

CVE-2020-13947-ANNOUNCEMENT.TXT

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt

reference_url

https://github.com/advisories/GHSA-66gw-ch5v-74v8

reference_id

GHSA-66gw-ch5v-74v8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-66gw-ch5v-74v8

fixed_packages

url pkg:maven/org.apache.activemq/activemq-broker@5.15.14

purl pkg:maven/org.apache.activemq/activemq-broker@5.15.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-gtr9-vc8r-n3ed

vulnerability	VCID-jr78-93dc-6ud9

vulnerability	VCID-mvdm-63pj-mfbm

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.15.14

url pkg:maven/org.apache.activemq/activemq-broker@5.16.1

purl pkg:maven/org.apache.activemq/activemq-broker@5.16.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-gtr9-vc8r-n3ed

vulnerability	VCID-jr78-93dc-6ud9

vulnerability	VCID-mvdm-63pj-mfbm

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.16.1

aliases CVE-2020-13947, GHSA-66gw-ch5v-74v8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vsc-q337-rqcm

url VCID-6krh-gg3s-zycs

vulnerability_id VCID-6krh-gg3s-zycs

summary Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes the broker to exhaust all its memory in the SSL engine leading to DoS. Note: TLS versions before TLSv1.3 (such as TLSv1.2) are broken but are not vulnerable to OOM. Previous TLS versions require a full handshake renegotiation which causes a connection to hang but not OOM. This is fixed as well. This issue affects Apache ActiveMQ Client: before 5.19.4, from 6.0.0 before 6.2.4; Apache ActiveMQ Broker: before 5.19.4, from 6.0.0 before 6.2.4; Apache ActiveMQ: before 5.19.4, from 6.0.0 before 6.2.4. Users are recommended to upgrade to version 6.2.4 or 5.19.5, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39304.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39304.json

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2026-39304-announcement.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T14:10:10Z/

url

https://activemq.apache.org/security-advisories.data/CVE-2026-39304-announcement.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-39304

reference_id

reference_type

scores

value	0.00056
scoring_system	epss
scoring_elements	0.17825
published_at	2026-06-09T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17923
published_at	2026-06-05T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.1792
published_at	2026-06-06T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17883
published_at	2026-06-07T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17807
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-39304

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39304
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39304

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-39304

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-39304

reference_url

http://www.openwall.com/lists/oss-security/2026/04/09/17

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/09/17

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id	1136024
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2457275
reference_id	2457275
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2457275

reference_url

https://github.com/advisories/GHSA-5568-6qcg-g7fx

reference_id

GHSA-5568-6qcg-g7fx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5568-6qcg-g7fx

fixed_packages

url pkg:maven/org.apache.activemq/activemq-broker@5.19.4

purl pkg:maven/org.apache.activemq/activemq-broker@5.19.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.19.4

url pkg:maven/org.apache.activemq/activemq-broker@6.2.4

purl pkg:maven/org.apache.activemq/activemq-broker@6.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@6.2.4

aliases CVE-2026-39304, GHSA-5568-6qcg-g7fx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6krh-gg3s-zycs

url VCID-c68m-kbax-q7de

vulnerability_id VCID-c68m-kbax-q7de

summary Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing queues in the web console by overriding the content type to be HTML (instead of XML) and by injecting HTML into a JMS selector field. This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Web: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41043.json

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41043.json

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2026-41043-announcement.txt

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-24T18:05:08Z/

url

https://activemq.apache.org/security-advisories.data/CVE-2026-41043-announcement.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-41043

reference_id

reference_type

scores

value	0.00241
scoring_system	epss
scoring_elements	0.47589
published_at	2026-06-09T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47621
published_at	2026-06-05T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47623
published_at	2026-06-06T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47606
published_at	2026-06-07T12:55:00Z

value	0.00241
scoring_system	epss
scoring_elements	0.47576
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-41043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41043

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-41043

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-41043

reference_url

http://www.openwall.com/lists/oss-security/2026/04/23/5

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/23/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id	1136024
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461407
reference_id	2461407
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461407

reference_url

https://github.com/advisories/GHSA-2jp3-2923-9h52

reference_id

GHSA-2jp3-2923-9h52

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2jp3-2923-9h52

fixed_packages

url	pkg:maven/org.apache.activemq/activemq-broker@5.19.6
purl	pkg:maven/org.apache.activemq/activemq-broker@5.19.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.19.6

url	pkg:maven/org.apache.activemq/activemq-broker@6.2.5
purl	pkg:maven/org.apache.activemq/activemq-broker@6.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@6.2.5

aliases CVE-2026-41043, GHSA-2jp3-2923-9h52

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c68m-kbax-q7de

url VCID-gtr9-vc8r-n3ed

vulnerability_id VCID-gtr9-vc8r-n3ed

summary

False positive
This advisory has been marked as a false positive.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-41678

reference_id

reference_type

scores

value	0.93
scoring_system	epss
scoring_elements	0.9979
published_at	2026-06-09T12:55:00Z

value	0.93
scoring_system	epss
scoring_elements	0.99788
published_at	2026-06-07T12:55:00Z

value	0.93
scoring_system	epss
scoring_elements	0.99789
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-41678

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/5c8d457d9

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/5c8d457d9

reference_url

https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2

reference_url

https://github.com/apache/activemq/commit/bf65929fd

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/bf65929fd

reference_url

https://github.com/apache/activemq/commit/d8ce1d9ff

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/d8ce1d9ff

reference_url

https://github.com/apache/activemq/pull/958

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/pull/958

reference_url

https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_url

https://security.netapp.com/advisory/ntap-20240216-0004

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240216-0004

reference_url

https://www.openwall.com/lists/oss-security/2023/11/28/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2023/11/28/1

reference_url

http://www.openwall.com/lists/oss-security/2023/11/28/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/11/28/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252185
reference_id	2252185
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252185

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-41678

reference_id

CVE-2022-41678

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-41678

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt

reference_id

CVE-2022-41678-ANNOUNCEMENT.TXT

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt

reference_url

https://github.com/advisories/GHSA-53v4-42fg-g287

reference_id

GHSA-53v4-42fg-g287

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-53v4-42fg-g287

reference_url	https://access.redhat.com/errata/RHSA-2024:2944
reference_id	RHSA-2024:2944
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2944

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

reference_url	https://usn.ubuntu.com/7268-1/
reference_id	USN-7268-1
reference_type
scores
url	https://usn.ubuntu.com/7268-1/

fixed_packages

url pkg:maven/org.apache.activemq/activemq-broker@5.16.6

purl pkg:maven/org.apache.activemq/activemq-broker@5.16.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-jr78-93dc-6ud9

vulnerability	VCID-mvdm-63pj-mfbm

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.16.6

url pkg:maven/org.apache.activemq/activemq-broker@5.17.4

purl pkg:maven/org.apache.activemq/activemq-broker@5.17.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-jr78-93dc-6ud9

vulnerability	VCID-mvdm-63pj-mfbm

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.17.4

aliases CVE-2022-41678, GHSA-53v4-42fg-g287

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gtr9-vc8r-n3ed

url VCID-jr78-93dc-6ud9

vulnerability_id VCID-jr78-93dc-6ud9

summary

False positive
This advisory has been marked as a false positive.

references

reference_url

http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46604

reference_id

reference_type

scores

value	0.94436
scoring_system	epss
scoring_elements	0.99989
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604

reference_url

http://seclists.org/fulldisclosure/2024/Apr/18

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

http://seclists.org/fulldisclosure/2024/Apr/18

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc

reference_url

https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d

reference_url

https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f

reference_url

https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436

reference_url

https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0

reference_url

https://github.com/apache/activemq/pull/1098

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/pull/1098

reference_url

https://issues.apache.org/jira/browse/AMQ-9370

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/AMQ-9370

reference_url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html

reference_url

https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html

reference_url

https://security.netapp.com/advisory/ntap-20231110-0010

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231110-0010

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604

reference_url

https://www.openwall.com/lists/oss-security/2023/10/27/5

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://www.openwall.com/lists/oss-security/2023/10/27/5

reference_url

http://www.openwall.com/lists/oss-security/2023/10/27/5

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/10/27/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909
reference_id	1054909
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2246645
reference_id	2246645
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2246645

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604

reference_id

CVE-2023-46604

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-46604

reference_id

CVE-2023-46604

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-46604

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt

reference_id

CVE-2023-46604-ANNOUNCEMENT.TXT

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt

reference_url

https://github.com/advisories/GHSA-crg9-44h2-xw35

reference_id

GHSA-crg9-44h2-xw35

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-crg9-44h2-xw35

reference_url

https://security.netapp.com/advisory/ntap-20231110-0010/

reference_id

ntap-20231110-0010

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	Act
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/

url

https://security.netapp.com/advisory/ntap-20231110-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:6849
reference_id	RHSA-2023:6849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6849

reference_url	https://access.redhat.com/errata/RHSA-2023:6866
reference_id	RHSA-2023:6866
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6866

reference_url	https://access.redhat.com/errata/RHSA-2023:6877
reference_id	RHSA-2023:6877
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6877

reference_url	https://access.redhat.com/errata/RHSA-2023:6878
reference_id	RHSA-2023:6878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6878

reference_url	https://access.redhat.com/errata/RHSA-2023:6879
reference_id	RHSA-2023:6879
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6879

reference_url	https://access.redhat.com/errata/RHSA-2023:7247
reference_id	RHSA-2023:7247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7247

reference_url	https://usn.ubuntu.com/6910-1/
reference_id	USN-6910-1
reference_type
scores
url	https://usn.ubuntu.com/6910-1/

reference_url	https://usn.ubuntu.com/7268-1/
reference_id	USN-7268-1
reference_type
scores
url	https://usn.ubuntu.com/7268-1/

fixed_packages

url pkg:maven/org.apache.activemq/activemq-broker@5.15.16

purl pkg:maven/org.apache.activemq/activemq-broker@5.15.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-gtr9-vc8r-n3ed

vulnerability	VCID-mvdm-63pj-mfbm

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.15.16

url pkg:maven/org.apache.activemq/activemq-broker@5.16.7

purl pkg:maven/org.apache.activemq/activemq-broker@5.16.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-mvdm-63pj-mfbm

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.16.7

url pkg:maven/org.apache.activemq/activemq-broker@5.17.6

purl pkg:maven/org.apache.activemq/activemq-broker@5.17.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-mvdm-63pj-mfbm

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.17.6

url pkg:maven/org.apache.activemq/activemq-broker@5.18.3

purl pkg:maven/org.apache.activemq/activemq-broker@5.18.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-mvdm-63pj-mfbm

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.18.3

aliases CVE-2023-46604, GHSA-crg9-44h2-xw35

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jr78-93dc-6ud9

url VCID-mvdm-63pj-mfbm

vulnerability_id VCID-mvdm-63pj-mfbm

summary Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances (when creating a Stomp consumer and also browsing messages in the Web console) an authenticated user provided "key" value could be constructed to traverse the classpath due to path concatenation. As a result, the application is exposed to a classpath path resource loading vulnerability that could potentially be chained together with another attack to lead to exploit. This issue affects Apache ActiveMQ Client: before 5.19.3, from 6.0.0 before 6.2.2; Apache ActiveMQ Broker: before 5.19.3, from 6.0.0 before 6.2.2; Apache ActiveMQ All: before 5.19.3, from 6.0.0 before 6.2.2; Apache ActiveMQ Web: before 5.19.3, from 6.0.0 before 6.2.2; Apache ActiveMQ: before 5.19.3, from 6.0.0 before 6.2.2. Users are recommended to upgrade to version 5.19.4 or 6.2.3, which fixes the issue. Note: 5.19.3 and 6.2.2 also fix this issue, but that is limited to non-Windows environments due to a path separator resolution bug fixed in 5.19.4 and 6.2.3.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33227.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33227.json

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2026-33227-announcement.txt

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:04:21Z/

url

https://activemq.apache.org/security-advisories.data/CVE-2026-33227-announcement.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33227

reference_id

reference_type

scores

value	0.00077
scoring_system	epss
scoring_elements	0.23033
published_at	2026-06-09T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23142
published_at	2026-06-05T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23128
published_at	2026-06-06T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23084
published_at	2026-06-07T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23029
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33227

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33227

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33227

reference_url

http://www.openwall.com/lists/oss-security/2026/04/06/4

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/06/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id	1136024
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2455867
reference_id	2455867
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2455867

reference_url

https://github.com/advisories/GHSA-h2h4-5m64-m273

reference_id

GHSA-h2h4-5m64-m273

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h2h4-5m64-m273

fixed_packages

url pkg:maven/org.apache.activemq/activemq-broker@5.19.3

purl pkg:maven/org.apache.activemq/activemq-broker@5.19.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.19.3

url pkg:maven/org.apache.activemq/activemq-broker@6.2.2

purl pkg:maven/org.apache.activemq/activemq-broker@6.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@6.2.2

aliases CVE-2026-33227, GHSA-h2h4-5m64-m273

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mvdm-63pj-mfbm

url VCID-wq4w-pv6u-cbfy

vulnerability_id VCID-wq4w-pv6u-cbfy

summary Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to include an xbean binding that can be later used by a VM transport to load a remote Spring XML application. The attacker can then use the DestinationView mbean to send a message to trigger a VM transport creation that will reference this malicious broker name which can lead to loading the malicious Spring XML context file. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41044.json

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41044.json

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-24T18:22:17Z/

url

https://activemq.apache.org/security-advisories.data/CVE-2026-41044-announcement.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-41044

reference_id

reference_type

scores

value	0.00073
scoring_system	epss
scoring_elements	0.2225
published_at	2026-06-09T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.2235
published_at	2026-06-05T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22337
published_at	2026-06-06T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.2229
published_at	2026-06-07T12:55:00Z

value	0.00073
scoring_system	epss
scoring_elements	0.22236
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-41044

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41044
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41044

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-41044

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-41044

reference_url

http://www.openwall.com/lists/oss-security/2026/04/23/6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/23/6

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id	1136024
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461409
reference_id	2461409
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461409

reference_url

https://github.com/advisories/GHSA-mr6m-xj7v-3cv3

reference_id

GHSA-mr6m-xj7v-3cv3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mr6m-xj7v-3cv3

fixed_packages

url	pkg:maven/org.apache.activemq/activemq-broker@5.19.6
purl	pkg:maven/org.apache.activemq/activemq-broker@5.19.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.19.6

url	pkg:maven/org.apache.activemq/activemq-broker@6.2.5
purl	pkg:maven/org.apache.activemq/activemq-broker@6.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@6.2.5

aliases CVE-2026-41044, GHSA-mr6m-xj7v-3cv3

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wq4w-pv6u-cbfy

url VCID-wqnn-qtv3-2yec

vulnerability_id VCID-wqnn-qtv3-2yec

summary Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport via BrokerView.addNetworkConnector or BrokerView.addConnector through Jolokia if the activemq-http module is on the classpath. A malicious HTTP endpoint can return a VM transport through the HTTP URI which will bypass the validation added in CVE-2026-34197. The attacker can then use the VM transport's brokerConfig parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 5.19.6 or 6.2.5, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40466.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40466.json

reference_url

https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-27T13:37:05Z/

url

https://activemq.apache.org/security-advisories.data/CVE-2026-34197-announcement.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40466

reference_id

reference_type

scores

value	0.18014
scoring_system	epss
scoring_elements	0.95302
published_at	2026-06-09T12:55:00Z

value	0.18014
scoring_system	epss
scoring_elements	0.95294
published_at	2026-06-05T12:55:00Z

value	0.18014
scoring_system	epss
scoring_elements	0.95296
published_at	2026-06-06T12:55:00Z

value	0.18014
scoring_system	epss
scoring_elements	0.95298
published_at	2026-06-07T12:55:00Z

value	0.18014
scoring_system	epss
scoring_elements	0.95299
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40466

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40466

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40466

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024
reference_id	1136024
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136024

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2461410
reference_id	2461410
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2461410

reference_url

https://github.com/advisories/GHSA-w3w2-mpp5-92gm

reference_id

GHSA-w3w2-mpp5-92gm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w3w2-mpp5-92gm

fixed_packages

url	pkg:maven/org.apache.activemq/activemq-broker@5.19.6
purl	pkg:maven/org.apache.activemq/activemq-broker@5.19.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.19.6

url	pkg:maven/org.apache.activemq/activemq-broker@6.2.5
purl	pkg:maven/org.apache.activemq/activemq-broker@6.2.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@6.2.5

aliases CVE-2026-40466, GHSA-w3w2-mpp5-92gm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqnn-qtv3-2yec

url VCID-xjzx-q2hk-guc4

vulnerability_id VCID-xjzx-q2hk-guc4

summary

Code Injection
In Apache ActiveMQ, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

references

reference_url

http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0222.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0222.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-0222

reference_id

reference_type

scores

value	0.08918
scoring_system	epss
scoring_elements	0.92729
published_at	2026-06-08T12:55:00Z

value	0.08918
scoring_system	epss
scoring_elements	0.92731
published_at	2026-06-07T12:55:00Z

value	0.08918
scoring_system	epss
scoring_elements	0.92736
published_at	2026-06-06T12:55:00Z

value	0.08918
scoring_system	epss
scoring_elements	0.9274
published_at	2026-06-05T12:55:00Z

value	0.08918
scoring_system	epss
scoring_elements	0.92744
published_at	2026-06-09T12:55:00Z

value	0.08918
scoring_system	epss
scoring_elements	0.92728
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-0222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0222

reference_url

https://github.com/apache/activemq

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq

reference_url

https://github.com/apache/activemq/commit/98b9f2e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/98b9f2e

reference_url

https://github.com/apache/activemq/commit/f78c0962ffb46fae3397eed6b7ec1e6e15045031

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/activemq/commit/f78c0962ffb46fae3397eed6b7ec1e6e15045031

reference_url

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488@%3Cusers.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488@%3Cusers.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html

reference_url

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html

reference_url

https://security.netapp.com/advisory/ntap-20190502-0006

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190502-0006

reference_url

https://web.archive.org/web/20190404065432/http://www.securityfocus.com/bid/107622

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20190404065432/http://www.securityfocus.com/bid/107622

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

http://www.openwall.com/lists/oss-security/2019/03/27/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/03/27/2

reference_url	http://www.securityfocus.com/bid/107622
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/107622

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1696012
reference_id	1696012
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1696012

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925964
reference_id	925964
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925964

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988109
reference_id	988109
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988109

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-0222

reference_id

CVE-2019-0222

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-0222

reference_url

https://github.com/advisories/GHSA-jpv3-g4cc-6vfx

reference_id

GHSA-jpv3-g4cc-6vfx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jpv3-g4cc-6vfx

reference_url	https://access.redhat.com/errata/RHSA-2020:0922
reference_id	RHSA-2020:0922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0922

reference_url	https://access.redhat.com/errata/RHSA-2020:1445
reference_id	RHSA-2020:1445
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1445

reference_url	https://usn.ubuntu.com/6685-1/
reference_id	USN-6685-1
reference_type
scores
url	https://usn.ubuntu.com/6685-1/

fixed_packages

url pkg:maven/org.apache.activemq/activemq-broker@5.15.9

purl pkg:maven/org.apache.activemq/activemq-broker@5.15.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sr8-4fyh-3qgh

vulnerability	VCID-3vsc-q337-rqcm

vulnerability	VCID-6krh-gg3s-zycs

vulnerability	VCID-c68m-kbax-q7de

vulnerability	VCID-gtr9-vc8r-n3ed

vulnerability	VCID-jr78-93dc-6ud9

vulnerability	VCID-mvdm-63pj-mfbm

vulnerability	VCID-wq4w-pv6u-cbfy

vulnerability	VCID-wqnn-qtv3-2yec

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.15.9

aliases CVE-2019-0222, GHSA-jpv3-g4cc-6vfx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xjzx-q2hk-guc4

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-broker@5.13.4

Package Instance