CVE-2020-11998 — Code Injection in Oracle Communications Diameter Signaling Router
Severity
9.8CRITICALNVD
EPSS
6.9%
top 8.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 10
Latest updateFeb 9
Description
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages8 packages
Patches
🔴Vulnerability Details
4CVEList
▶
OSV
▶
📋Vendor Advisories
5Oracle
▶
Oracle▶
Oracle Oracle Communications Risk Matrix: Provisioning (Apache ActiveMQ) — CVE-2020-11998↗2021-07-15
Oracle▶
Oracle Oracle Financial Services Applications Risk Matrix: Financial Planning (Apache ActiveMQ) — CVE-2020-11998↗2021-04-15
Oracle▶
Oracle Oracle Fusion Middleware Risk Matrix: Security Subsystem (Apache ActiveMQ) — CVE-2020-11998↗2021-01-15
Debian▶
CVE-2020-11998: activemq - A regression has been introduced in the commit preventing JMX re-bind. By passin...↗2020