Security Advisories - ActiveMQ Artemis

Details of security problems fixed in released versions of Apache ActiveMQ Artemis are detailed below.

See the main Security Advisories page for details for other components and general information such as reporting new security issues.

  • CVE-2023-50780 - Authenticated users could perform RCE via Jolokia MBeans
  • CVE-2022-35278 - HTML Injection in ActiveMQ Artemis Web Console
  • CVE-2022-23913 - Apache ActiveMQ Artemis DoS
  • CVE-2021-26117 - ActiveMQ: LDAP-Authentication does not verify passwords on servers with anonymous bind
  • CVE-2021-26118 - Flaw in ActiveMQ Artemis OpenWire support
  • CVE-2020-13932 - Apache ActiveMQ Artemis - Remote XSS in Web console Diagram Plugin
  • CVE-2017-12174 - Memory exhaustion via UDP and JGroups discovery
  • CVE-2016-4978 - Apache ActiveMQ Artemis: Deserialization of untrusted input vunerability

Apache, ActiveMQ, Apache ActiveMQ, the Apache feather logo, and the Apache ActiveMQ project logo are trademarks of The Apache Software Foundation. Copyright © 2024, The Apache Software Foundation. Licensed under Apache License 2.0.