Home > Vulnerability Database > CVE-2023-50780

Mend.io Vulnerability Database

CVE-2023-50780

Good to know:

Date: October 14, 2024

Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE.

Language: Java

Severity Score

8.8

Related Resources (7)

Url: https://github.com/apache/activemq-artemis/commit/cfb585eaf61d570eecd65c6ad0e92282df7d3869

Url: http://www.openwall.com/lists/oss-security/2024/10/14/2

Url: https://issues.apache.org/jira/browse/ARTEMIS-4150

Url: https://github.com/apache/activemq-artemis

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-50780

Url: https://lists.apache.org/thread/63b78shqz312phsx7v1ryr7jv7bprg58

Url: https://www.mend.io/vulnerability-database/CVE-2023-50780

Severity Score

8.8

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version org.apache.activemq:artemis-cli:2.29.0

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-50780

Good to know:

Date: October 14, 2024

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?