FKIE_CVE-2023-46604

Vulnerability from fkie_nvd - Published: 2023-10-27 15:15 - Updated: 2025-11-04 16:41
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
References
security@apache.orghttp://seclists.org/fulldisclosure/2024/Apr/18Mailing List, Third Party Advisory
security@apache.orghttps://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txtVendor Advisory
security@apache.orghttps://lists.debian.org/debian-lts-announce/2023/11/msg00013.htmlMailing List
security@apache.orghttps://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
security@apache.orghttps://security.netapp.com/advisory/ntap-20231110-0010/Third Party Advisory
security@apache.orghttps://www.openwall.com/lists/oss-security/2023/10/27/5Mailing List
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2024/Apr/18Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/11/msg00013.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/10/msg00027.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20231110-0010/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2023/10/27/5Mailing List
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
apache activemq *
apache activemq *
apache activemq *
apache activemq *
apache activemq_legacy_openwire_module *
apache activemq_legacy_openwire_module *
apache activemq_legacy_openwire_module *
apache activemq_legacy_openwire_module *
debian debian_linux 10.0
debian debian_linux 11.0
netapp e-series_santricity_unified_manager -
netapp e-series_santricity_web_services_proxy -
netapp santricity_storage_plugin -
To clipboard 

{
  "cisaActionDue": "2023-11-23",
  "cisaExploitAdd": "2023-11-02",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Apache ActiveMQ Deserialization of Untrusted Data Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B695E3-E637-44DC-BF2C-A24943EADBA1",
              "versionEndExcluding": "5.15.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8A5C039-10BA-4D0E-A243-6B313721C7FF",
              "versionEndExcluding": "5.16.7",
              "versionStartIncluding": "5.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C8395C4-40D7-4BD3-970B-3F0E32BCB771",
              "versionEndExcluding": "5.17.6",
              "versionStartIncluding": "5.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA18155-D2AD-459A-94C7-136F981FD252",
              "versionEndExcluding": "5.18.3",
              "versionStartIncluding": "5.18.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D92110D-B913-4431-B7EB-0C949544E7B8",
              "versionEndExcluding": "5.15.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8476D8D6-8394-4CD0-9E8C-41DCD96983BE",
              "versionEndExcluding": "5.16.7",
              "versionStartIncluding": "5.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "050649B9-4196-4BA1-9323-6B49E45B2E98",
              "versionEndExcluding": "5.17.6",
              "versionStartIncluding": "5.17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9AE45E-8CDE-4083-A996-D0E90EA0A792",
              "versionEndExcluding": "5.18.3",
              "versionStartIncluding": "5.18.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
              "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue."
    },
    {
      "lang": "es",
      "value": "Apache ActiveMQ es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad puede permitir que un atacante remoto con acceso a la red de un corredor ejecute comandos de shell arbitrarios manipulando tipos de clases serializadas en el protocolo OpenWire para hacer que el corredor cree una instancia de cualquier clase en el classpath. Se recomienda a los usuarios actualizar a la versi\u00f3n 5.15.16, 5.16.7, 5.17.6 o 5.18.3, que soluciona este problema."
    }
  ],
  "id": "CVE-2023-46604",
  "lastModified": "2025-11-04T16:41:16.217",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security@apache.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-27T15:15:14.017",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Apr/18"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20231110-0010/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2024/Apr/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20231110-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2023/10/27/5"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-46604"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.