CVE-2023-46604
Vulnerability from cvelistv5
Published
2023-10-27 14:59
Modified
2024-08-02 20:45
Severity ?
Summary
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Impacted products
Vendor Product Version
Apache Software Foundation Apache ActiveMQ Legacy OpenWire Module Version: 5.18.0   
Version: 5.17.0   
Version: 5.16.0   
Version: 5.8.0   
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2023-11-02

Due date: 2023-11-23

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Known

Notes: https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt; https://nvd.nist.gov/vuln/detail/CVE-2023-46604

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:45:42.299Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231110-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Apr/18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.activemq:activemq-client",
          "product": "Apache ActiveMQ",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "5.18.3",
              "status": "affected",
              "version": "5.18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.17.6",
              "status": "affected",
              "version": "5.17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.16.7",
              "status": "affected",
              "version": "5.16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.16",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.activemq:activemq-openwire-legacy",
          "product": "Apache ActiveMQ Legacy OpenWire Module",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "5.18.3",
              "status": "affected",
              "version": "5.18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.17.6",
              "status": "affected",
              "version": "5.17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.16.7",
              "status": "affected",
              "version": "5.16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15.16",
              "status": "affected",
              "version": "5.8.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "yejie@threatbook.cn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eThe Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.\u003c/div\u003e"
            }
          ],
          "value": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-28T15:02:28.206Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231110-0010/"
        },
        {
          "url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Apr/18"
        }
      ],
      "source": {
        "defect": [
          "AMQ-9370"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-46604",
    "datePublished": "2023-10-27T14:59:31.046Z",
    "dateReserved": "2023-10-24T08:55:31.050Z",
    "dateUpdated": "2024-08-02T20:45:42.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2023-46604",
      "cwes": "[\"CWE-502\"]",
      "dateAdded": "2023-11-02",
      "dueDate": "2023-11-23",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt; https://nvd.nist.gov/vuln/detail/CVE-2023-46604",
      "product": "ActiveMQ",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.",
      "vendorProject": "Apache",
      "vulnerabilityName": "Apache ActiveMQ Deserialization of Untrusted Data Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-46604\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-10-27T15:15:14.017\",\"lastModified\":\"2024-11-21T08:28:52.810\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Java OpenWire protocol marshaller is vulnerable to Remote Code \\nExecution. This vulnerability may allow a remote attacker with network \\naccess to either a Java-based OpenWire broker or client to run arbitrary\\n shell commands by manipulating serialized class types in the OpenWire \\nprotocol to cause either the client or the broker (respectively) to \\ninstantiate any class on the classpath.\\n\\nUsers are recommended to upgrade\\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \\nwhich fixes this issue.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Apache ActiveMQ es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad puede permitir que un atacante remoto con acceso a la red de un corredor ejecute comandos de shell arbitrarios manipulando tipos de clases serializadas en el protocolo OpenWire para hacer que el corredor cree una instancia de cualquier clase en el classpath. Se recomienda a los usuarios actualizar a la versi\u00f3n 5.15.16, 5.16.7, 5.17.6 o 5.18.3, que soluciona este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2023-11-02\",\"cisaActionDue\":\"2023-11-23\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Apache ActiveMQ Deserialization of Untrusted Data Vulnerability\",\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.15.16\",\"matchCriteriaId\":\"28B695E3-E637-44DC-BF2C-A24943EADBA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16.0\",\"versionEndExcluding\":\"5.16.7\",\"matchCriteriaId\":\"D8A5C039-10BA-4D0E-A243-6B313721C7FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.17.0\",\"versionEndExcluding\":\"5.17.6\",\"matchCriteriaId\":\"5C8395C4-40D7-4BD3-970B-3F0E32BCB771\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.18.0\",\"versionEndExcluding\":\"5.18.3\",\"matchCriteriaId\":\"CDA18155-D2AD-459A-94C7-136F981FD252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.15.16\",\"matchCriteriaId\":\"2D92110D-B913-4431-B7EB-0C949544E7B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16.0\",\"versionEndExcluding\":\"5.16.7\",\"matchCriteriaId\":\"8476D8D6-8394-4CD0-9E8C-41DCD96983BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.17.0\",\"versionEndExcluding\":\"5.17.6\",\"matchCriteriaId\":\"050649B9-4196-4BA1-9323-6B49E45B2E98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.18.0\",\"versionEndExcluding\":\"5.18.3\",\"matchCriteriaId\":\"CE9AE45E-8CDE-4083-A996-D0E90EA0A792\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB695329-036B-447D-BEB0-AA4D89D1D99C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*\",\"matchCriteriaId\":\"82E94B87-065E-475F-815C-F49978CE22FC\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2024/Apr/18\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html\",\"source\":\"security@apache.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0010/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/10/27/5\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Apr/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231110-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2023/10/27/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.