THREATOPS
THREAT OPSCVEs › CVE-2023-46604

CVE-2023-46604 — Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

CISA KEVExploited: confirmedApache

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

Vulnerability details

Related reporting