"⚠️ Critical RCE Alert: 3,000 Apache ActiveMQ Servers at Risk! ⚠️"

Over 3,000 Apache ActiveMQ servers are exposed online, vulnerable to a critical RCE flaw (CVE-2023-46604, CVSS v3: 10.0). Immediate patching is urged to prevent potential data theft and network compromise. Stay vigilant! 🛡️💻

Apache ActiveMQ is an open-source message broker for secure communication between clients and servers, supporting Java and various cross-language clients and protocols like AMQP, MQTT, OpenWire, and STOMP.

The flaw in question is CVE-2023-46604, a critical severity (CVSS v3 score: 10.0) RCE that allows attackers to execute arbitrary shell commands by exploiting class types in the OpenWire protocol.

According to Apache's disclosure on October 27, 2023, this vulnerability affects the following Apache ActiveMQ and Legacy OpenWire Module versions:

  • Versions before 5.18.3 in the 5.18.x series
  • Versions before 5.17.6 in the 5.17.x series
  • Versions before 5.16.7 in the 5.16.x series
  • All versions before 5.15.16

To address this issue, fixes have been released in versions 5.15.16, 5.16.7, 5.17.6, and 5.18.3. It's recommended to upgrade to one of these versions to enhance your IT security.

Tags: #CyberSecurity #RCE #ApacheActiveMQ #Vulnerability #PatchNow #InfoSec #ServerSecurity #CVE202346604 🚨🔐

Source: BleepingComputer

Author: Bill Toulas

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability.

BleepingComputer
Rapid7 MDR has identified what appears to be exploitation of Apache #ActiveMQ #CVE202346604 in customer environments. The attacker behavior our team has observed includes attempts to deploy #ransomware on victim systems. https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604 | Rapid7 Blog

On October 27, Rapid7 Managed Detection & Response identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in 2 separate customer environments.

Rapid7
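
The affected-version ranges listed in the first post can be turned into an inventory check. The sketch below is an added example, not code from Apache, BleepingComputer or Rapid7; the hostnames, the sample versions and the function names are constructed for illustration, and version suffixes such as `-SNAPSHOT` are assumed to be ignorable.

```python
import re

# Fixed release per affected series, taken from the version list in the post.
FIXED_BY_SERIES = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}
OLDEST_FIX = (5, 15, 16)  # "All versions before 5.15.16" are affected

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if unparseable.
    Suffixes such as -SNAPSHOT are ignored (assumption of this example)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())

def classify(version_text):
    """Return 'affected', 'not-listed' or 'unknown' for one version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # never treat an unreadable version as safe
    fixed = FIXED_BY_SERIES.get(v[:2], OLDEST_FIX)
    # Integer tuples compare numerically, so 5.9.1 < 5.15.16
    # (a plain string comparison would get this wrong).
    return "affected" if v < fixed else "not-listed"

def triage(inventory):
    """Map each host to (status, lowest listed fixed release to move to)."""
    report = {}
    for host, version_text in inventory.items():
        status, target = classify(version_text), None
        if status == "affected":
            series = parse_version(version_text)[:2]
            target = ".".join(map(str, FIXED_BY_SERIES.get(series, OLDEST_FIX)))
        report[host] = (status, target)
    return report

# Constructed inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "mq-01.example.internal": "5.18.2",
    "mq-02.example.internal": "5.18.3",
    "mq-03.example.internal": "5.9.1",
    "mq-04.example.internal": "not reported",
}

if __name__ == "__main__":
    for host, (status, target) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f", upgrade to >= {target}" if target else ""))
```

A result of `not-listed` only means the version falls outside the ranges quoted above; `unknown` entries need a manual check of the broker's reported version.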