{"url":"http://public2.vulnerablecode.io/api/packages/214565?format=json","purl":"pkg:maven/org.apache.activemq/activemq-core@5.4.3","type":"maven","namespace":"org.apache.activemq","name":"activemq-core","version":"5.4.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12573?format=json","vulnerability_id":"VCID-37ws-cqf7-4udm","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nAn instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13947","reference_id":"","reference_type":"","scores":[{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88607","published_at":"2026-05-15T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88459","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88462","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88481","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88487","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88497","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.8849","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88489","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88504","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.885","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88498","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88515","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.8852","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88519","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.8853","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88546","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88561","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88558","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88571","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88599","published_at":"2026-05-14T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88435","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04029","scoring_system":"epss","scoring_elements":"0.88443","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13947"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13947"},{"reference_url":"https://github.com/apache/activemq","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq"},{"reference_url":"https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/177eb71c52069712bcc9fe14c70e079cc2671a80"},{"reference_url":"https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/compare/activemq-5.16.0...activemq-5.16.1"},{"reference_url":"https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13947","reference_id":"CVE-2020-13947","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13947"},{"reference_url":"http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt","reference_id":"CVE-2020-13947-ANNOUNCEMENT.TXT","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt"},{"reference_url":"https://github.com/advisories/GHSA-66gw-ch5v-74v8","reference_id":"GHSA-66gw-ch5v-74v8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-66gw-ch5v-74v8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/569350?format=json","purl":"pkg:maven/org.apache.activemq/activemq-core@5.15.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.15.14"},{"url":"http://public2.vulnerablecode.io/api/packages/569351?format=json","purl":"pkg:maven/org.apache.activemq/activemq-core@5.16.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.16.1"}],"aliases":["CVE-2020-13947","GHSA-66gw-ch5v-74v8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37ws-cqf7-4udm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12649?format=json","vulnerability_id":"VCID-a3nb-p5p6-zbf7","summary":"Missing Authentication for Critical Function\nApache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13920.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13920.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13920","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38404","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38837","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38849","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38813","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38785","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.3883","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38333","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38451","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38808","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38539","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38728","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38564","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38325","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38415","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39352","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39451","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39537","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00179","scoring_system":"epss","scoring_elements":"0.39514","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40442","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40428","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40354","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13920"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13920","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13920"},{"reference_url":"https://github.com/apache/activemq","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq"},{"reference_url":"https://github.com/apache/activemq/commit/359ae4b","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/359ae4b"},{"reference_url":"https://github.com/apache/activemq/commit/48cd61d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/48cd61d"},{"reference_url":"https://github.com/apache/activemq/commit/58382283330f7c7b110c7afd8ef4ca2648786532","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/58382283330f7c7b110c7afd8ef4ca2648786532"},{"reference_url":"https://github.com/apache/activemq/commit/b7dca5e","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/b7dca5e"},{"reference_url":"https://issues.apache.org/jira/browse/AMQ-7400","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AMQ-7400"},{"reference_url":"https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880101","reference_id":"1880101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1880101"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13920","reference_id":"CVE-2020-13920","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13920"},{"reference_url":"http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt","reference_id":"CVE-2020-13920-ANNOUNCEMENT.TXT","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt"},{"reference_url":"https://github.com/advisories/GHSA-xgrx-xpv2-6vp4","reference_id":"GHSA-xgrx-xpv2-6vp4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xgrx-xpv2-6vp4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3205","reference_id":"RHSA-2021:3205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3207","reference_id":"RHSA-2021:3207","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3207"},{"reference_url":"https://usn.ubuntu.com/6910-1/","reference_id":"USN-6910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6910-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/569112?format=json","purl":"pkg:maven/org.apache.activemq/activemq-core@5.15.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.15.12"}],"aliases":["CVE-2020-13920","GHSA-xgrx-xpv2-6vp4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3nb-p5p6-zbf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4960?format=json","vulnerability_id":"VCID-a7j9-mzvg-cycr","summary":"Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1029.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1029.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1880.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1880.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1880","reference_id":"","reference_type":"","scores":[{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80389","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80279","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80295","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80317","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80333","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80329","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80346","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80386","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80145","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80152","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80172","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.8016","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80188","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80196","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80216","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80202","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80197","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80226","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80227","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.8023","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80256","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01367","scoring_system":"epss","scoring_elements":"0.80263","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1880"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=924447","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=924447"},{"reference_url":"https://github.com/apache/activemq","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq"},{"reference_url":"https://github.com/apache/activemq/commit/fafd12dfd4f71336f8e32c090d40ed1445959b40","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/fafd12dfd4f71336f8e32c090d40ed1445959b40"},{"reference_url":"https://issues.apache.org/jira/browse/AMQ-4398","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AMQ-4398"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1880","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1880"},{"reference_url":"http://www.securityfocus.com/bid/65615","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/65615"},{"reference_url":"https://github.com/advisories/GHSA-c9gx-27hq-wcvj","reference_id":"GHSA-c9gx-27hq-wcvj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c9gx-27hq-wcvj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1029","reference_id":"RHSA-2013:1029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83994?format=json","purl":"pkg:maven/org.apache.activemq/activemq-core@5.9.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.9.0"}],"aliases":["CVE-2013-1880","GHSA-c9gx-27hq-wcvj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7j9-mzvg-cycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4739?format=json","vulnerability_id":"VCID-anw6-f8f2-q3hx","summary":"Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js.  NOTE: AMQ-4124 is covered by CVE-2012-6551.","references":[{"reference_url":"http://activemq.apache.org/activemq-580-release.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://activemq.apache.org/activemq-580-release.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1029.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1029.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6092.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6092.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6092","reference_id":"","reference_type":"","scores":[{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85719","published_at":"2026-05-15T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85597","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85608","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85609","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85627","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85649","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85666","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85661","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85674","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.8571","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85481","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85493","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85509","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85514","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85534","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85543","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85557","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85555","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85551","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85574","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02575","scoring_system":"epss","scoring_elements":"0.85576","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6092"},{"reference_url":"https://fisheye6.atlassian.com/changelog/activemq?cs=1399577","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://fisheye6.atlassian.com/changelog/activemq?cs=1399577"},{"reference_url":"https://github.com/apache/activemq","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq"},{"reference_url":"https://github.com/apache/activemq/commit/51eb87a84be88d28383ea48f6e341ffe1203c5ba","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/51eb87a84be88d28383ea48f6e341ffe1203c5ba"},{"reference_url":"https://issues.apache.org/jira/browse/AMQ-4115","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AMQ-4115"},{"reference_url":"https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282"},{"reference_url":"http://www.securityfocus.com/bid/59400","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/59400"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=955906","reference_id":"955906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=955906"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:m4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6092","reference_id":"CVE-2012-6092","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6092"},{"reference_url":"https://github.com/advisories/GHSA-rp9p-863f-9c4h","reference_id":"GHSA-rp9p-863f-9c4h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rp9p-863f-9c4h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1029","reference_id":"RHSA-2013:1029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55357?format=json","purl":"pkg:maven/org.apache.activemq/activemq-core@5.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.8.0"}],"aliases":["CVE-2012-6092","GHSA-rp9p-863f-9c4h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-anw6-f8f2-q3hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4952?format=json","vulnerability_id":"VCID-cuhh-zgq5-n3gr","summary":"Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2011/12/25/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/12/25/2"},{"reference_url":"http://openwall.com/lists/oss-security/2011/12/25/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2011/12/25/6"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4905.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4905.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4905","reference_id":"","reference_type":"","scores":[{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.94012","published_at":"2026-05-15T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93953","published_at":"2026-04-18T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93954","published_at":"2026-04-21T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93956","published_at":"2026-04-26T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93955","published_at":"2026-04-29T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93964","published_at":"2026-05-05T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93975","published_at":"2026-05-07T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93985","published_at":"2026-05-09T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93991","published_at":"2026-05-11T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93995","published_at":"2026-05-12T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.94008","published_at":"2026-05-14T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93889","published_at":"2026-04-01T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93898","published_at":"2026-04-02T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93907","published_at":"2026-04-04T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.9391","published_at":"2026-04-07T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.9392","published_at":"2026-04-08T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93923","published_at":"2026-04-09T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93927","published_at":"2026-04-13T12:55:00Z"},{"value":"0.12504","scoring_system":"epss","scoring_elements":"0.93948","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4905"},{"reference_url":"https://github.com/apache/activemq","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq"},{"reference_url":"https://github.com/apache/activemq/commit/3a71f8e33d0309cb0ca5b5758a8f251da205e757","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/3a71f8e33d0309cb0ca5b5758a8f251da205e757"},{"reference_url":"https://github.com/apache/activemq/commit/9df9d3e89140b7329654ad5675259ec6f0c4b3a7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/9df9d3e89140b7329654ad5675259ec6f0c4b3a7"},{"reference_url":"https://github.com/apache/activemq/commit/da7f9962c640666a743675085922bf75a656f81b","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/da7f9962c640666a743675085922bf75a656f81b"},{"reference_url":"https://issues.apache.org/jira/browse/AMQ-1928","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AMQ-1928"},{"reference_url":"https://issues.apache.org/jira/browse/AMQ-3294","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AMQ-3294"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4905","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4905"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1209700","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1209700"},{"reference_url":"http://svn.apache.org/viewvc?view=revision&revision=1211844","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://svn.apache.org/viewvc?view=revision&revision=1211844"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655495","reference_id":"655495","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655495"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=769770","reference_id":"769770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=769770"},{"reference_url":"https://github.com/advisories/GHSA-9wcx-326r-7j7w","reference_id":"GHSA-9wcx-326r-7j7w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9wcx-326r-7j7w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83861?format=json","purl":"pkg:maven/org.apache.activemq/activemq-core@5.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ws-cqf7-4udm"},{"vulnerability":"VCID-a3nb-p5p6-zbf7"},{"vulnerability":"VCID-a7j9-mzvg-cycr"},{"vulnerability":"VCID-anw6-f8f2-q3hx"},{"vulnerability":"VCID-f5x2-zvxa-yba5"},{"vulnerability":"VCID-k4jb-36cp-1fc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.6.0"}],"aliases":["CVE-2011-4905","GHSA-9wcx-326r-7j7w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cuhh-zgq5-n3gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19640?format=json","vulnerability_id":"VCID-f5x2-zvxa-yba5","summary":"False positive\nThis advisory has been marked as a false positive.","references":[{"reference_url":"http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46604.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46604","reference_id":"","reference_type":"","scores":[{"value":"0.94436","scoring_system":"epss","scoring_elements":"0.99988","published_at":"2026-05-15T12:55:00Z"},{"value":"0.94436","scoring_system":"epss","scoring_elements":"0.99987","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46604"},{"reference_url":"http://seclists.org/fulldisclosure/2024/Apr/18","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Apr/18"},{"reference_url":"https://github.com/apache/activemq","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq"},{"reference_url":"https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/22442b2385b1000312aec3d19e510131d595a5fc"},{"reference_url":"https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/80089f9f476afab7d976f5fc37c5ab4aa0c2139d"},{"reference_url":"https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/958330df26cf3d5cdb63905dc2c6882e98781d8f"},{"reference_url":"https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/9905e2a5bf9862a049f94ce0a2465b0c7ad52436"},{"reference_url":"https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/d0ccdd31544ada83185554c87c7aa141064020f0"},{"reference_url":"https://github.com/apache/activemq/pull/1098","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/pull/1098"},{"reference_url":"https://issues.apache.org/jira/browse/AMQ-9370","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/AMQ-9370"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html"},{"reference_url":"https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/"}],"url":"https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231110-0010","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231110-0010"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/10/27/5","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/10/27/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/27/5","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/10/27/5"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909","reference_id":"1054909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054909"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2246645","reference_id":"2246645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2246645"},{"reference_url":"https://activemq.apache.org/security-advisories.data/CVE-2023-46604","reference_id":"CVE-2023-46604","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://activemq.apache.org/security-advisories.data/CVE-2023-46604"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46604","reference_id":"CVE-2023-46604","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46604"},{"reference_url":"https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt","reference_id":"CVE-2023-46604-ANNOUNCEMENT.TXT","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/"}],"url":"https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"},{"reference_url":"https://github.com/advisories/GHSA-crg9-44h2-xw35","reference_id":"GHSA-crg9-44h2-xw35","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crg9-44h2-xw35"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231110-0010/","reference_id":"ntap-20231110-0010","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T15:16:07Z/"}],"url":"https://security.netapp.com/advisory/ntap-20231110-0010/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6849","reference_id":"RHSA-2023:6849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6866","reference_id":"RHSA-2023:6866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6877","reference_id":"RHSA-2023:6877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6878","reference_id":"RHSA-2023:6878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6879","reference_id":"RHSA-2023:6879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6879"},{"reference_url":"https://usn.ubuntu.com/6910-1/","reference_id":"USN-6910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6910-1/"},{"reference_url":"https://usn.ubuntu.com/7268-1/","reference_id":"USN-7268-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7268-1/"}],"fixed_packages":[],"aliases":["CVE-2023-46604","GHSA-crg9-44h2-xw35"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5x2-zvxa-yba5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19641?format=json","vulnerability_id":"VCID-k4jb-36cp-1fc4","summary":"False positive\nThis advisory has been marked as a false positive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41678.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41678","reference_id":"","reference_type":"","scores":[{"value":"0.9303","scoring_system":"epss","scoring_elements":"0.99788","published_at":"2026-05-05T12:55:00Z"},{"value":"0.9303","scoring_system":"epss","scoring_elements":"0.99787","published_at":"2026-04-26T12:55:00Z"},{"value":"0.9303","scoring_system":"epss","scoring_elements":"0.99786","published_at":"2026-04-21T12:55:00Z"},{"value":"0.93141","scoring_system":"epss","scoring_elements":"0.998","published_at":"2026-05-15T12:55:00Z"},{"value":"0.93141","scoring_system":"epss","scoring_elements":"0.99799","published_at":"2026-05-14T12:55:00Z"},{"value":"0.93623","scoring_system":"epss","scoring_elements":"0.99838","published_at":"2026-04-12T12:55:00Z"},{"value":"0.93623","scoring_system":"epss","scoring_elements":"0.99837","published_at":"2026-04-04T12:55:00Z"},{"value":"0.93623","scoring_system":"epss","scoring_elements":"0.9984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.93623","scoring_system":"epss","scoring_elements":"0.99839","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41678"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41678"},{"reference_url":"https://github.com/apache/activemq","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq"},{"reference_url":"https://github.com/apache/activemq/commit/5c8d457d9","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/5c8d457d9"},{"reference_url":"https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/6120169e563b55323352431dfe9ac67a8b4de6c2"},{"reference_url":"https://github.com/apache/activemq/commit/bf65929fd","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/bf65929fd"},{"reference_url":"https://github.com/apache/activemq/commit/d8ce1d9ff","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/commit/d8ce1d9ff"},{"reference_url":"https://github.com/apache/activemq/pull/958","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/activemq/pull/958"},{"reference_url":"https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240216-0004","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240216-0004"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/11/28/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/11/28/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252185","reference_id":"2252185","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2252185"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41678","reference_id":"CVE-2022-41678","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41678"},{"reference_url":"https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt","reference_id":"CVE-2022-41678-ANNOUNCEMENT.TXT","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt"},{"reference_url":"https://github.com/advisories/GHSA-53v4-42fg-g287","reference_id":"GHSA-53v4-42fg-g287","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-53v4-42fg-g287"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2944","reference_id":"RHSA-2024:2944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2944"},{"reference_url":"https://usn.ubuntu.com/6910-1/","reference_id":"USN-6910-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6910-1/"},{"reference_url":"https://usn.ubuntu.com/7268-1/","reference_id":"USN-7268-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7268-1/"}],"fixed_packages":[],"aliases":["CVE-2022-41678","GHSA-53v4-42fg-g287"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4jb-36cp-1fc4"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.activemq/activemq-core@5.4.3"}