org.apache.activemq:apache-activemq@6.1.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.activemq:apache-activemq package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Improper Access Control (severity: M)

org.apache.activemq:apache-activemq is a message broker and client implementation.

Affected versions of this package are vulnerable to Improper Access Control due to the default configuration not securing the API web context, which includes both the Jolokia JMX REST API and the Message REST API. This oversight allows unauthorized access, enabling anyone to interact with the broker or manage messages and destinations without any form of authentication.

How to fix Improper Access Control?

Upgrade org.apache.activemq:apache-activemq to version 6.1.2 or higher.

Vulnerable versions: [6.0.0,6.1.2), that is, 6.0.0 up to but not including 6.1.2.