Serial number: AV23-669
Date: November 2, 2023
On October 27, 2023, Apache published a security advisory to address a vulnerability in the following products:
- ActiveMQ 5.18 – versions prior to 5.18.3
- ActiveMQ 5.17 – versions prior to 5.17.6
- ActiveMQ 5.16 – versions prior to 5.16.7
- ActiveMQ – versions prior to 5.15.16
- ActiveMQ Legacy OpenWire Module 5.18 – versions prior to 5.18.3
- ActiveMQ Legacy OpenWire Module 5.17 – versions prior to 5.17.6
- ActiveMQ Legacy OpenWire Module 5.16 – versions prior to 5.16.7
- ActiveMQ Legacy OpenWire Module 5.8 – versions prior to 5.15.16
Open source has reported that CVE-2023-46604 has been exploited. Successful exploitation of this vulnerability can permit remote code execution to a threat actor.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.