This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-website.git
The following commit(s) were added to refs/heads/main by this push:
new 923233435 Update security for Apache ActiveMQ classic
923233435 is described below
commit 923233435cbb812abeee87c7bdd804b7e2403541
Author: JB Onofré <[email protected]>
AuthorDate: Tue Nov 28 15:51:40 2023 +0100
Update security for Apache ActiveMQ classic
---
src/components/classic/security.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/components/classic/security.md
b/src/components/classic/security.md
index f4e7814a4..77ffe1fc8 100644
--- a/src/components/classic/security.md
+++ b/src/components/classic/security.md
@@ -10,6 +10,7 @@ Details of security problems fixed in released versions of
Apache ActiveMQ 6.x a
See the main [Security Advisories](../../security-advisories) page for details
for other components and general information such as reporting new security
issues.
*
[CVE-2023-46604](../../security-advisories.data/CVE-2023-46604-announcement.txt)
- Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code
execution (RCE) attack
+*
[CVE-2022-41678](../../security-advisories.data/CVE-2022-41678-announcement.txt)
- Deserialization vulnerability on Jolokia that allows authenticated users to
perform remote code execution (RCE)
*
[CVE-2021-26117](../../security-advisories.data/CVE-2021-26117-announcement.txt)
- ActiveMQ: LDAP-Authentication does not verify passwords on servers with
anonymous bind
*
[CVE-2020-13947](../../security-advisories.data/CVE-2020-13947-announcement.txt)
- XSS in WebConsole
*
[CVE-2020-13920](../../security-advisories.data/CVE-2020-13920-announcement.txt)
- JMX MITM vulnerability
