CVE-2017-15709 – org.apache.activemq:activemq-openwire-generator

Package

Manager: maven
Name: org.apache.activemq:activemq-openwire-generator
Vulnerable Version: >=5.14.0 <5.15.3

Severity

Level: Low

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.65728 pctl0.98447

Details

ActiveMQ's OpenWire protocol exposes certain system details as plain text When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

Metadata

Created: 2022-05-13T01:11:29Z
Modified: 2022-11-22T19:42:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7qm4-p377-fr2r/GHSA-7qm4-p377-fr2r.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-7qm4-p377-fr2r
Finding: F017
Auto approve: 1