all InfoSec news
Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604)
Nov. 10, 2023, 6:28 p.m. |
FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com
Ransomware attackers are targeting servers running outdated and vulnerable versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604). CVE-2023-46604 is an unauthenticated deserialization vulnerability in ActiveMQ's OpenWire transport connector. Successful exploitation allows an attacker to execute arbitrary code with the same privileges of the ActiveMQ server.
What is the Vendor Solution?
Apache has released the patches to address CVE-2023-46604 and can be found here.
What FortiGuard Coverage is available?
FortiGuard Labs has released an …
activemq apache apache activemq arbitrary code attack attacker attackers code code execution connector cve cve-2023-46604 deserialization exploitation exploiting privileges ransomware remote code remote code execution running server servers targeting transport unauthenticated vulnerability vulnerable what is
More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report
Tinyproxy use-after-free Vulnerability (CVE-2023-49606)
1 week, 2 days ago |
fortiguard.fortinet.com
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Security Operations Manager-West Coast
@ The Walt Disney Company | USA - CA - 2500 Broadway Street
Vulnerability Analyst - Remote (WFH)
@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US
Senior Mainframe Security Administrator
@ Danske Bank | Copenhagen V, Denmark