THREAT OPS › CVEs › CVE-2023-46604
CVE-2023-46604 — Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Vulnerability details
- Affected productsActiveMQ
- KEV remediation due2023-11-23