all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Apache ActiveMQ Remote Code Execution Vulnerability (CVE-2023-46604)

Add to bookmarks
Nov. 10, 2023, 6:28 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is the Attack?

Ransomware attackers are targeting servers running outdated and vulnerable versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604). CVE-2023-46604 is an unauthenticated deserialization vulnerability in ActiveMQ's OpenWire transport connector. Successful exploitation allows an attacker to execute arbitrary code with the same privileges of the ActiveMQ server.


What is the Vendor Solution?

Apache has released the patches to address CVE-2023-46604 and can be found here.


What FortiGuard Coverage is available?

FortiGuard Labs has released an …

activemq apache apache activemq arbitrary code attack attacker attackers code code execution connector cve cve-2023-46604 deserialization exploitation exploiting privileges ransomware remote code remote code execution running server servers targeting transport unauthenticated vulnerability vulnerable what is

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

GitLab Password Reset Vulnerability (CVE-2023-7028) 1 day, 2 hours ago | fortiguard.fortinet.com
account administrator attacker cisa +23
Ignite Realtime Openfire Path Traversal Vulnerability (CVE-2023-32315) 2 days, 1 hour ago | fortiguard.fortinet.com
CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) 3 days, 6 hours ago | fortiguard.fortinet.com
attackers attacks cisa cisa known exploited vulnerabilities +27
ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 1 week, 2 days ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 1 week, 2 days ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 2 weeks, 4 days ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 1 month ago | fortiguard.fortinet.com
attack code compression cve +25
Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256) 1 month ago | fortiguard.fortinet.com
access attacker code code execution +25
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) 1 month, 1 week ago | fortiguard.fortinet.com
access application application developers attackers +31

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Specialist, Forsah Technical and Vocational Education and Training (Forsah TVET) (NEW)

@ IREX | Ramallah, West Bank, Palestinian National Authority
View on infosec-jobs.com

Consultant(e) Junior Cybersécurité

@ Sia Partners | Paris, France
View on infosec-jobs.com

Senior Network Security Engineer

@ NielsenIQ | Mexico City, Mexico
View on infosec-jobs.com

Senior Consultant, Payment Intelligence

@ Visa | Washington, DC, United States
View on infosec-jobs.com

Corporate Counsel, Compliance

@ Okta | San Francisco, CA; Bellevue, WA; Chicago, IL; New York City; Washington, DC; Austin, TX
View on infosec-jobs.com

Security Operations Engineer

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs