apache activemq-artemis CVE-2021-26118 in Apache and NetApp Products
Published on January 27, 2021

Flaw in ActiveMQ Artemis OpenWire support

product logo product logo
While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.

NVD

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2021-26118 has been classified to as an Authorization vulnerability or weakness.


Products Associated with CVE-2021-26118

stack.watch emails you whenever new vulnerabilities are published in Apache Activemq Artemis or NetApp Oncommand Workflow Automation. Just hit a watch button to start following.

Apache Activemq Artemis
 
NetApp Oncommand Workflow Automation
 

Affected Versions

Apache Software Foundation Apache ActiveMQ Artemis:

Exploit Probability

EPSS
1.01%
Percentile
76.82%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.