CVE-2020-1941

CWE-79 — Cross-site Scripting (XSS)10 documents8 sources

Severity

6.1MEDIUM

EPSS

8.9%

top 7.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Activemq Oracle Communications Diameter Signaling Router Oracle Communications Element Manager +4 more

Timeline

PublishedMay 14

Latest updateOct 15

Description

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages10 packages

▶Mavenorg.apache.activemq:activemq-web-console5.0.0 — 5.15.12

▶NVDapache/activemq5.0.0 — 5.15.11

▶CVEListV5apache_activemqApache ActiveMQ 5.0.0 to 5.15.11

▶Debianactivemq< 5.16.0-1+2

▶NVDoracle/communications_diameter_signaling_router8.0.0 — 8.2.2

🔴Vulnerability Details

GHSA

Apache ActiveMQ webconsole admin GUI is open to XSS↗2020-05-21

▶

OSV

Apache ActiveMQ webconsole admin GUI is open to XSS↗2020-05-21

▶

CVEList

CVE-2020-1941: In Apache ActiveMQ 5↗2020-05-14

▶

OSV

CVE-2020-1941: In Apache ActiveMQ 5↗2020-05-14

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: IDIH (Apache ActiveMQ) — CVE-2020-1941↗2020-10-15

▶

Oracle

Oracle Oracle Communications Applications Risk Matrix: Workorders (Apache ActiveMQ) — CVE-2020-1941↗2020-07-15

▶

Red Hat

activemq: Cross-site scripting in webconsole admin GUI↗2020-05-14

▶

Debian

CVE-2020-1941: activemq - In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in...↗2020

▶

💬Community

Bugzilla

CVE-2020-1941 activemq: Cross-site scripting in webconsole admin GUI↗2020-06-17

▶