{ "threat_severity" : "Moderate", "public_date" : "2020-09-10T00:00:00Z", "bugzilla" : { "description" : "activemq: improper authentication allows MITM attack", "id" : "1880101", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1880101" }, "cvss3" : { "cvss3_base_score" : "5.9", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-287", "details" : [ "Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.", "Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects." ], "affected_release" : [ { "product_name" : "Red Hat Fuse 7.9", "release_date" : "2021-08-11T00:00:00Z", "advisory" : "RHSA-2021:3140", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "activemq" }, { "product_name" : "Red Hat Integration", "release_date" : "2021-08-18T00:00:00Z", "advisory" : "RHSA-2021:3205", "cpe" : "cpe:/a:redhat:integration:1", "package" : "activemq", "impact" : "low" }, { "product_name" : "Red Hat Integration Camel Quarkus 1", "release_date" : "2021-08-18T00:00:00Z", "advisory" : "RHSA-2021:3207", "cpe" : "cpe:/a:redhat:camel_quarkus:2" } ], "package_state" : [ { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Not affected", "package_name" : "mqtt-client", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat Decision Manager 7", "fix_state" : "Not affected", "package_name" : "activemq-artemis", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7" }, { "product_name" : "Red Hat Integration Camel Quarkus 1", "fix_state" : "Affected", "package_name" : "activemq", "cpe" : "cpe:/a:redhat:camel_quarkus:2", "impact" : "low" }, { "product_name" : "Red Hat JBoss A-MQ 6", "fix_state" : "Out of support scope", "package_name" : "activemq", "cpe" : "cpe:/a:redhat:jboss_amq:6" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Not affected", "package_name" : "activemq-artemis", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Not affected", "package_name" : "activemq-artemis", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Continuous Delivery", "fix_state" : "Out of support scope", "package_name" : "activemq-artemis", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform_cd" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "activemq", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "activemq", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "activemq-artemis", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Not affected", "package_name" : "activemq-artemis", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat Virtualization 4", "fix_state" : "Not affected", "package_name" : "eap7-activemq-artemis", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-13920\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13920" ], "name" : "CVE-2020-13920", "csaw" : false }