org.apache.activemq:activemq-parent (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.activemq:activemq-parent, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2020-11998 — CVSS 9.8 (critical): A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead…
CVE-2021-26117 — CVSS 7.5 (high): The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ…
CVE-2010-1244 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to…
CVE-2020-13947 — CVSS 6.1 (medium): An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp…
CVE-2020-13920 — CVSS 5.9 (medium): Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is…
CVE-2017-15709 — CVSS 3.7 (low): When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel…
CVE-2010-0684 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to…