CVE-2020-1941

Description

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

How to fix CVE-2020-1941

To remediate CVE-2020-1941, upgrade the affected package to a fixed version below.

• Bitnami/activemq—no fix listed
• Debian/activemq—upgrade to 5.16.0-1 or later
• —upgrade to 5.15.12 or later

Is CVE-2020-1941 being exploited?

Moderate — EPSS is 5.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

• >= 5.0.0, <= 5.15.11
• from 0, < 5.16.0-1
• >= 5.0.0, < 5.15.12

CVSS scores

References (19)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-1941
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-1941
• PATCHgithub.com/apache/activemq
• WEBactivemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt
• WEB