COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-46604

CVE-2023-46604

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2023-11-02
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-46604
⚡ RCE ⌖ exploited in the wild shame 95/100 ransomwarerceexploited-in-wild

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the cl

Players implicated

apache · vendorActiveMQ · product

Description

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.