Conversation
AttackerKB
attackerkb
New assessment for topic: CVE-2023-46604
Topic description: "Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. ..."
"Based on [vendor assessment](https://activemq.apache.org/news/cve-2023-46604) the vulnerability (deserialization of untrusted data) is present in Active MQ *Artemis* too, but the Spring class used in the public exploit is not available in this flavor of the software (only works against ActiveMQ *Classic*) ..."
Link: https://www.attackerkb.com/assessments/6391e374-1e7f-4b15-b299-bc3b47128d9d
Topic description: "Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. ..."
"Based on [vendor assessment](https://activemq.apache.org/news/cve-2023-46604) the vulnerability (deserialization of untrusted data) is present in Active MQ *Artemis* too, but the Spring class used in the public exploit is not available in this flavor of the software (only works against ActiveMQ *Classic*) ..."
Link: https://www.attackerkb.com/assessments/6391e374-1e7f-4b15-b299-bc3b47128d9d
0
1
1