Published on 23 Nov 2023 | Updated on 23 Nov 2023
Apache has released updates to address a critical vulnerability (CVE-2023-46604) in Apache ActiveMQ. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10 and is reportedly being actively exploited.
Successful exploitation of the vulnerability in the Java OpenWire protocol marshaller could allow a remote attacker with network access to a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialised class types in the OpenWire protocol.
The vulnerability affects the following product versions:
Users and administrators of affected products are advised to upgrade both Java OpenWire brokers and clients to the latest versions immediately.
More information is available here: