VulnerableCode Package Details - pkg:maven/org.apache.activemq/activemq-parent@5.3.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-a3nb-p5p6-zbf7 Aliases: CVE-2020-13920 GHSA-xgrx-xpv2-6vp4	Missing Authentication for Critical Function Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.	5.15.12 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-a3nb-p5p6-zbf7
Aliases:
CVE-2020-13920
GHSA-xgrx-xpv2-6vp4

Missing Authentication for Critical Function Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.

5.15.12
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-pwbk-99g5-9fhm	Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.	CVE-2010-0684 GHSA-mxf7-pv8q-294h
VCID-yw5q-dtaz-1kc1	Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.	CVE-2010-1244 GHSA-33j4-8vcr-f79v

Vulnerability

Summary

Aliases

VCID-pwbk-99g5-9fhm

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.

CVE-2010-0684
GHSA-mxf7-pv8q-294h

VCID-yw5q-dtaz-1kc1

Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.

CVE-2010-1244
GHSA-33j4-8vcr-f79v

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:46:24.616757+00:00	GitLab Importer	Fixing	VCID-yw5q-dtaz-1kc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-1244.yml	38.4.0
2026-04-16T21:46:22.026806+00:00	GitLab Importer	Fixing	VCID-pwbk-99g5-9fhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-0684.yml	38.4.0
2026-04-16T21:38:53.244063+00:00	GitLab Importer	Affected by	VCID-a3nb-p5p6-zbf7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2020-13920.yml	38.4.0
2026-04-11T23:02:09.932808+00:00	GitLab Importer	Fixing	VCID-yw5q-dtaz-1kc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-1244.yml	38.3.0
2026-04-11T23:02:07.473196+00:00	GitLab Importer	Fixing	VCID-pwbk-99g5-9fhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-0684.yml	38.3.0
2026-04-11T22:54:01.177741+00:00	GitLab Importer	Affected by	VCID-a3nb-p5p6-zbf7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2020-13920.yml	38.3.0
2026-04-02T23:10:37.483933+00:00	GitLab Importer	Fixing	VCID-yw5q-dtaz-1kc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-1244.yml	38.1.0
2026-04-02T23:10:35.190557+00:00	GitLab Importer	Fixing	VCID-pwbk-99g5-9fhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-0684.yml	38.1.0
2026-04-02T23:03:14.031424+00:00	GitLab Importer	Affected by	VCID-a3nb-p5p6-zbf7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2020-13920.yml	38.1.0
2026-04-01T17:22:08.563505+00:00	GitLab Importer	Affected by	VCID-a3nb-p5p6-zbf7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2020-13920.yml	38.0.0
2026-04-01T16:00:41.593816+00:00	GHSA Importer	Fixing	VCID-yw5q-dtaz-1kc1	https://github.com/advisories/GHSA-33j4-8vcr-f79v	38.0.0
2026-04-01T16:00:41.271570+00:00	GHSA Importer	Fixing	VCID-pwbk-99g5-9fhm	https://github.com/advisories/GHSA-mxf7-pv8q-294h	38.0.0
2026-04-01T13:10:51.989091+00:00	GithubOSV Importer	Fixing	VCID-yw5q-dtaz-1kc1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-33j4-8vcr-f79v/GHSA-33j4-8vcr-f79v.json	38.0.0
2026-04-01T13:09:13.680487+00:00	GithubOSV Importer	Fixing	VCID-pwbk-99g5-9fhm	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mxf7-pv8q-294h/GHSA-mxf7-pv8q-294h.json	38.0.0
2026-04-01T12:50:01.418251+00:00	GitLab Importer	Fixing	VCID-yw5q-dtaz-1kc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-1244.yml	38.0.0
2026-04-01T12:50:01.000545+00:00	GitLab Importer	Fixing	VCID-pwbk-99g5-9fhm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.activemq/activemq-parent/CVE-2010-0684.yml	38.0.0