← Retour aux CVEs
CVE-2023-50780
HIGH8.8
Description
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE. Users are recommended to upgrade to version 2.29.0 or later, which fixes the issue.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie10/14/2024
Derniere modification3/19/2025
Sourcenvd
Observations honeypot0
Produits affectes
apache:activemq_artemis
Faiblesses (CWE)
CWE-285
References
https://lists.apache.org/thread/63b78shqz312phsx7v1ryr7jv7bprg58(security@apache.org)
http://www.openwall.com/lists/oss-security/2024/10/14/2(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.