UBUNTU-CVE-2021-26117

Source
https://ubuntu.com/security/CVE-2021-26117
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-26117.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-26117
Related
Published
2021-01-27T19:15:00Z
Modified
2024-10-15T14:08:03Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

References

Affected packages

Ubuntu:Pro:16.04:LTS / activemq

Package

Name
activemq
Purl
pkg:deb/ubuntu/activemq?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.13.2+dfsg-2ubuntu0.1~esm1

Affected versions

5.*

5.6.0+dfsg1-4+deb8u1ubuntu1
5.6.0+dfsg1-5
5.13.2+dfsg-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.13.2+dfsg-2ubuntu0.1~esm1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.13.2+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libactivemq-java"
        },
        {
            "binary_version": "5.13.2+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libactivemq-java-doc"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / activemq

Package

Name
activemq
Purl
pkg:deb/ubuntu/activemq?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.8-2~18.04.1~esm1

Affected versions

5.*

5.14.5-3
5.15.2-2
5.15.3-2
5.15.8-2~18.04

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.15.8-2~18.04.1~esm1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.15.8-2~18.04.1~esm1",
            "binary_name": "libactivemq-java"
        }
    ]
}

Ubuntu:20.04:LTS / activemq

Package

Name
activemq
Purl
pkg:deb/ubuntu/activemq?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.10-1
5.15.11-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / activemq

Package

Name
activemq
Purl
pkg:deb/ubuntu/activemq?arch=src?distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.15.11-1ubuntu0.1~esm1

Affected versions

5.*

5.15.10-1
5.15.11-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.15.11-1ubuntu0.1~esm1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.15.11-1ubuntu0.1~esm1",
            "binary_name": "libactivemq-java"
        }
    ]
}

Ubuntu:22.04:LTS / activemq

Package

Name
activemq
Purl
pkg:deb/ubuntu/activemq?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.16.1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.16.1-1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.16.1-1",
            "binary_name": "libactivemq-java"
        }
    ]
}

Ubuntu:24.10 / activemq

Package

Name
activemq
Purl
pkg:deb/ubuntu/activemq?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.17.6+dfsg-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.17.6+dfsg-1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.17.6+dfsg-1",
            "binary_name": "libactivemq-java"
        }
    ]
}

Ubuntu:24.04:LTS / activemq

Package

Name
activemq
Purl
pkg:deb/ubuntu/activemq?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.17.6+dfsg-1

Affected versions

5.*

5.17.2+dfsg-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.17.6+dfsg-1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.17.6+dfsg-1",
            "binary_name": "libactivemq-java"
        }
    ]
}