CVE-2021-26117
Description
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is erroneously used to verify a valid user's password, resulting in no check on the password.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
16.3
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-13947, CVE-2021-26117 are fixed in Apache - activemq-parent 5.16.1 | Windows |
| Vulnerabilities CVE-2020-13947, CVE-2021-26117 are fixed in Apache - activemq-parent 5.15.14 | Windows |
| Vulnerabilities CVE-2021-26117 are fixed in Apache-apache-artemis 2.16.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation - | Windows |
| Vulnerabilities CVE-2020-13947, CVE-2021-26117 are fixed in Apache - activemq-parent for Linux 5.16.1 | Linux |
| Vulnerabilities CVE-2020-13947, CVE-2021-26117 are fixed in Apache - activemq-parent for Linux 5.15.14 | Linux |
| Vulnerabilities CVE-2021-26117 are fixed in Apache-apache-artemis for Linux 2.16.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234