VulnerableCode Package Details - pkg:maven/org.apache.activemq/activemq-parent@4.1.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-a3nb-p5p6-zbf7 Aliases: CVE-2020-13920 GHSA-xgrx-xpv2-6vp4	Missing Authentication for Critical Function Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.	5.15.12 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-pwbk-99g5-9fhm Aliases: CVE-2010-0684 GHSA-mxf7-pv8q-294h	Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.	5.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yw5q-dtaz-1kc1 Aliases: CVE-2010-1244 GHSA-33j4-8vcr-f79v	Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.	5.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-a3nb-p5p6-zbf7
Aliases:
CVE-2020-13920
GHSA-xgrx-xpv2-6vp4

Missing Authentication for Critical Function Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.

5.15.12
Affected by 1 other vulnerability.

VCID-pwbk-99g5-9fhm
Aliases:
CVE-2010-0684
GHSA-mxf7-pv8q-294h

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.

5.3.1
Affected by 1 other vulnerability.

VCID-yw5q-dtaz-1kc1
Aliases:
CVE-2010-1244
GHSA-33j4-8vcr-f79v

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

5.3.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:46:24.599893+00:00	GitLab Importer	Affected by	VCID-yw5q-dtaz-1kc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-1244.yml	38.4.0
2026-04-16T21:46:22.009934+00:00	GitLab Importer	Affected by	VCID-pwbk-99g5-9fhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-0684.yml	38.4.0
2026-04-16T21:38:53.236269+00:00	GitLab Importer	Affected by	VCID-a3nb-p5p6-zbf7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2020-13920.yml	38.4.0
2026-04-11T23:02:09.912727+00:00	GitLab Importer	Affected by	VCID-yw5q-dtaz-1kc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-1244.yml	38.3.0
2026-04-11T23:02:07.455114+00:00	GitLab Importer	Affected by	VCID-pwbk-99g5-9fhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-0684.yml	38.3.0
2026-04-11T22:54:01.159756+00:00	GitLab Importer	Affected by	VCID-a3nb-p5p6-zbf7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2020-13920.yml	38.3.0
2026-04-02T23:10:37.467726+00:00	GitLab Importer	Affected by	VCID-yw5q-dtaz-1kc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-1244.yml	38.1.0
2026-04-02T23:10:35.174030+00:00	GitLab Importer	Affected by	VCID-pwbk-99g5-9fhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-0684.yml	38.1.0
2026-04-02T23:03:14.015012+00:00	GitLab Importer	Affected by	VCID-a3nb-p5p6-zbf7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2020-13920.yml	38.1.0
2026-04-01T17:30:25.506085+00:00	GitLab Importer	Affected by	VCID-yw5q-dtaz-1kc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-1244.yml	38.0.0
2026-04-01T17:30:22.633994+00:00	GitLab Importer	Affected by	VCID-pwbk-99g5-9fhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-0684.yml	38.0.0
2026-04-01T17:22:08.541057+00:00	GitLab Importer	Affected by	VCID-a3nb-p5p6-zbf7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2020-13920.yml	38.0.0