github.com/khulnasoft-lab/tunnel-db@v0.0.0-20231117205118-74e1113bd007/pkg/vulnsrc/bitnami/testdata/happy/bitnami-vulndb/data/activemq/BIT-2020-11998.json

     1  {
     2    "schema_version": "1.5.0",
     3    "id": "BIT-2020-11998",
     4    "details": "A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html \"A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code.\" Mitigation: Upgrade to Apache ActiveMQ 5.15.13",
     5    "aliases": [
     6      "CVE-2020-11998"
     7    ],
     8    "affected": [
     9      {
    10        "package": {
    11          "ecosystem": "bitnami",
    12          "name": "activemq",
    13          "purl": "pkg:bitnami/activemq"
    14        },
    15        "severity": [
    16          {
    17            "type": "CVSS_V3",
    18            "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    19          }
    20        ],
    21        "versions": [
    22          "5.15.12"
    23        ]
    24      }
    25    ],
    26    "database_specific": {
    27      "severity": "Critical",
    28      "cpes": [
    29        "cpe:2.3:a:apache:activemq:5.15.12:*:*:*:*:*:*:*"
    30      ]
    31    },
    32    "references": [
    33      {
    34        "type": "WEB",
    35        "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt"
    36      },
    37      {
    38        "type": "WEB",
    39        "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E"
    40      },
    41      {
    42        "type": "WEB",
    43        "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E"
    44      },
    45      {
    46        "type": "WEB",
    47        "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    48      },
    49      {
    50        "type": "WEB",
    51        "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    52      },
    53      {
    54        "type": "WEB",
    55        "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    56      },
    57      {
    58        "type": "WEB",
    59        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    60      }
    61    ],
    62    "published": "2023-06-12T14:11:29.875Z",
    63    "modified": "2023-07-27T06:48:49.626Z"
    64  }