Apache ActiveMQ has a remote code execution vulnerability (CVE-2023-46604). This vulnerability allows a remote attacker with network access to a broker to run arbitrary shell commands. It is exploited by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
The number of exposed systems is expected to be relatively small (under 4,000), with the majority in China. Publicly available exploit/proof-of-concept code reduces the level of effort needed to weaponize this vulnerability and compromise exposed ActiveMQ systems.
What To Do
Update Apache ActiveMQ to one of the following versions:
- 5.15.16
- 5.16.7
- 5.17.6
- 5.18.3
- “Artemis” 2.31.2
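To check an inventory of brokers against the list above, the following is an added example (not code from the vendor or the Apache project). It compares versions numerically, because a plain string comparison would rank 5.15.9 above 5.15.16. The product labels "classic" and "artemis", the status names and the sample hosts are assumptions made for this example.

```python
import re

# Fixed releases exactly as listed in the advisory above.
CLASSIC_FIXED = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3}
ARTEMIS_FIXED = (2, 31, 2)
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def check(product, version):
    """Classify one broker version against the advisory's list.

    product is "classic" or "artemis" (labels assumed for this example).
    """
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"
    major, minor, patch = (int(part) for part in m.groups())
    if product == "artemis":
        ok = (major, minor, patch) >= ARTEMIS_FIXED
    elif product == "classic":
        fixed_patch = CLASSIC_FIXED.get((major, minor))
        if fixed_patch is None:
            # The advisory lists no release for this branch: review by hand.
            return "unlisted_branch"
        ok = patch >= fixed_patch
    else:
        raise ValueError(f"unknown product label: {product!r}")
    return "at_or_above_listed" if ok else "below_listed"


def triage(inventory):
    """Return {host: status} for every host not at or above a listed release."""
    findings = {}
    for host, product, version in inventory:
        status = check(product, version)
        if status != "at_or_above_listed":
            findings[host] = status
    return findings


# Constructed sample inventory (hosts and versions are illustrative).
SAMPLE_INVENTORY = [
    ("mq-a.example.internal", "classic", "5.15.9"),
    ("mq-b.example.internal", "classic", "5.17.6"),
    ("mq-c.example.internal", "classic", "5.14.5"),
    ("mq-d.example.internal", "artemis", "2.31.0"),
    ("mq-e.example.internal", "artemis", "2.31.2"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unlisted_branch or unparseable need manual review, since the list above does not cover them.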
Status
This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary and additional information. We expect to have functionality for detecting this vulnerability early next week.