logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2023-46604

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-46604

Description:
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
Last updated date:
06/27/2024

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
11/02/2023
Reference url to background

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:
exploit
Confidence:
HIGH
Date of publishing:
10/26/2023
Reference url to background

https://github.com/trganda/ActiveMQ-RCE

Type:
exploit
Confidence:
HIGH
Date of publishing:
10/27/2023
Reference url to background

https://github.com/X1r0z/ActiveMQ-RCE

Type:
exploit
Confidence:
HIGH
Date of publishing:
10/27/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
11/03/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
11/04/2023
Reference url to background

https://github.com/evkl1d/CVE-2023-46604

Type:
exploit
Confidence:
HIGH
Date of publishing:
11/06/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
11/06/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
11/08/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
11/09/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
11/12/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
03/05/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/27/2024
Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy