VulnerableCode Package Details - pkg:deb/debian/activemq@5.16.0-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-18k1-3h2s-8uex	Apache ActiveMQ webconsole admin GUI is open to XSS In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.	CVE-2020-1941 GHSA-cc94-3v9c-7rm8
VCID-a3nb-p5p6-zbf7	Missing Authentication for Critical Function Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.	CVE-2020-13920 GHSA-xgrx-xpv2-6vp4

Vulnerability

Summary

Aliases

VCID-18k1-3h2s-8uex

Apache ActiveMQ webconsole admin GUI is open to XSS In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

CVE-2020-1941
GHSA-cc94-3v9c-7rm8

VCID-a3nb-p5p6-zbf7

Missing Authentication for Critical Function Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.

CVE-2020-13920
GHSA-xgrx-xpv2-6vp4

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:04:15.929743+00:00	Debian Importer	Fixing	VCID-a3nb-p5p6-zbf7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:25:27.572333+00:00	Debian Importer	Fixing	VCID-18k1-3h2s-8uex	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:14:52.514509+00:00	Debian Importer	Fixing	VCID-a3nb-p5p6-zbf7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:17:22.975045+00:00	Debian Importer	Fixing	VCID-18k1-3h2s-8uex	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:13:39.315207+00:00	Debian Importer	Fixing	VCID-a3nb-p5p6-zbf7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:04:53.674625+00:00	Debian Importer	Fixing	VCID-18k1-3h2s-8uex	https://security-tracker.debian.org/tracker/data/json	38.1.0