CRITICAL 10.0 CVE-2023-46604 ⚠ KEV Apache ActiveMQ is vulnerable to Remote Code Execution
from 0, < 5.15.16, >= 5.16.0, < 5.16.7, >= 5.17.0, < 5.17.6, >= 5.18.0, < 5.18.3
HIGH 8.8 CVE-2026-34197 ⚠ KEV Authenticated Apache ActiveMQ Broker and Apache ActiveMQ users could perform RCE via Jolokia MBeans
from 0, < 5.19.4, >= 6.0.0, < 6.2.3
CRITICAL 9.8 Remote code execution in Apache ActiveMQ
>= 5.15.12, <= 5.15.12
HIGH 8.8 Apache ActiveMQ: Authenticated low-privilege Web users retain Jolokia broker-management capability by default
from 0, < 5.19.7, >= 6.0.0, < 6.2.6
HIGH 8.8 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Jolokia `addNetworkConnector` Discovery Wrapper Bypass
from 0, < 5.19.7, >= 6.0.0, < 6.2.6
HIGH 8.8 Apache ActiveMQ Vulnerable to Improper Input Validation and Code Injection
from 0, < 5.19.6, >= 6.0.0, < 6.2.5
HIGH 8.8 Apache ActiveMQ Vulnerable to Code Injection
from 0, < 5.19.6, >= 6.0.0, < 6.2.5
HIGH 8.8 Apache ActiveMQ's default configuration doesn't secure the API web context
>= 6.0.0, < 6.1.2
HIGH 8.8 activemq - security update
from 0, < 5.16.6, >= 5.17.0, < 5.17.4
HIGH 8.1 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Remote Code Execution via Jolokia addNetworkConnector
from 0, < 5.19.7, >= 6.0.0, < 6.2.6
HIGH 8.0 libxstream-java - security update
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0
HIGH 7.5 Apache ActiveMQ: Denial of Service via Out of Memory vulnerability
from 0, < 5.19.4, >= 6.0.0, < 6.2.4
HIGH 7.5 activemq - security update
>= 5.16.0, < 5.16.8, >= 5.17.0, < 5.17.7, >= 5.18.0, < 5.18.7, >= 6.0.0, < 6.1.6
HIGH 7.5 Improper Authentication in Apache ActiveMQ and Apache Artemis
>= 5.15.0, < 5.15.14, >= 5.16.0, < 5.16.1
HIGH 7.5 libxstream-java - security update
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 6.5 Apache ActiveMQ Vulnerable to Cross-site Scripting
from 0, < 5.19.6, >= 6.0.0, < 6.2.5
MEDIUM 6.1 Apache ActiveMQ, Apache ActiveMQ Web: HTTP Response Header Injection via JMS Message Properties
from 0, < 5.19.7, >= 6.0.0, < 6.2.6
MEDIUM 6.1 Cross-site scripting (XSS) in Apache ActiveMQ
from 0, < 5.15.14, >= 5.16.0, < 5.16.1
MEDIUM 6.1 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 6.1 XStream is vulnerable to an Arbitrary Code Execution attack
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 6.1 XStream is vulnerable to an Arbitrary Code Execution attack
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 6.1 Apache ActiveMQ webconsole admin GUI is open to XSS
>= 5.0.0, <= 5.15.11
MEDIUM 5.9 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)
from 0, < 5.19.7, >= 6.0.0, < 6.2.6
MEDIUM 5.9 activemq - security update
from 0, < 5.15.12
MEDIUM 5.8 XStream is vulnerable to a Remote Command Execution attack
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 5.4 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT vulnerable to Integer Overflow or Wraparound
>= 6.0.0, < 6.2.4
MEDIUM 5.4 Apache ActiveMQ is Vulnerable to Integer Overflow or Wraparound
from 0, < 5.19.2, >= 6.0.0, < 6.1.9, >= 6.2.0, < 6.2.1
MEDIUM 5.4 XStream is vulnerable to an Arbitrary Code Execution attack
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 5.3 XStream is vulnerable to an Arbitrary Code Execution attack
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 5.3 XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 5.3 XStream is vulnerable to an Arbitrary Code Execution attack
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 5.3 XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 5.3 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
from 0, < 5.15.14 | >= 5.16.0, <= 5.16.0, >= 5.16.1, <= 5.16.1
MEDIUM 4.3 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal
from 0, < 5.19.7, >= 6.0.0, < 6.2.6
MEDIUM 4.3 Apache ActiveMQ: Improper validation and restriction of a classpath path name
from 0, < 5.19.3, >= 6.0.0, < 6.2.2