← Back

CVE-2020-11969

nvd nist
Published: Jun 15, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.

Affected (8)

Products: Apache: Tomee
Apache
1 product
Tomee
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Tomee
From 1.0.0 to 1.7.5
Tomee
From 7.0.0 to 7.0.7
Tomee
From 7.1.0 to 7.1.2
Tomee
From 8.0.0 to 8.0.1
Tomee
Version 7.0.0 m1
Tomee
Version 7.0.0 m2
Tomee
Version 7.0.0 m3
Tomee
Version 8.0.0 m1

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (12)

Source: security@apache.org
Mailing ListThird Party Advisory
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Mailing ListVendor Advisory
Source: security@apache.org
Source: security@apache.org
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.