CVE-2020-13920 vulnerability in Apache and Other Products
Published on September 10, 2020

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.

NVD

Products Associated with CVE-2020-13920

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-13920 are published in these products:

Apache ActiveMQ

Oracle Communications Diameter Signaling Router

Debian Linux

Oracle Flexcube Private Banking

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.15%

Percentile

35.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-13920 vulnerability in Apache and Other ProductsPublished on September 10, 2020

Products Associated with CVE-2020-13920

Exploit Probability

CVE-2020-13920 vulnerability in Apache and Other Products
Published on September 10, 2020