CVE-2020-11969

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-11969
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11969.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-11969
Aliases
Published
2020-06-15T20:15:11Z
Modified
2024-10-12T05:38:04.690992Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.

References

Affected packages

Git / github.com/apache/tomee

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomee
Events
Introduced
83c249c71f8dbc7aa149e202be0c0bdc01b6469e
Last affected
0bbaf5086db3a716a3976635c2d8b8e1b28ad9d4
Introduced
a789142b0448aa9a65adcc0cd032f56ad7f756f6
Last affected
24420829cd7de768df247fa7b3c8ae62c13a68e2
Introduced
2fd9372ccc2438b6b42021c46f51bf91add099e1
Last affected
38d3d3041e8489c312ffaa9fa6c694e072b444e8
Introduced
8c6358cca46e431df78fc9c7d818259a9ba8635b
Last affected
4ec1e7e4017fceb7b40b582ad6897a49b84e7643
Last affected
510c4bade028e1fd52412618c2f578e05164214d
Last affected
8846c3f4d05722717b65e9bef9384c2928b7cfe9
Last affected
bdcec137dd4eb1658e78ddcf5b7b15ac583daea1
Last affected
ecdcd044f92953e55d9e7a948968de918edb4ed6

Affected versions

tomee-7.*

tomee-7.0.4-TT.1
tomee-7.0.4-TT.2
tomee-7.0.5
tomee-7.0.5-TT.2
tomee-7.0.5-TT.3
tomee-7.0.5-TT.4
tomee-7.1.0
tomee-7.1.0-TT.1
tomee-7.1.1
tomee-7.1.2

tomee-8.*

tomee-8.0.0
tomee-8.0.1