As BSI stories, an IT safety alert a couple of identified vulnerability in Apache ActiveMQ has obtained an replace. You can examine which working methods and merchandise are affected by the safety hole right here at information.de.
Federal workplace for Security in Information Technology (BSI) issued an replace on May 23, 2024 for the Apache ActiveMQ safety vulnerability identified on November 28, 2023. The safety vulnerability impacts Linux, UNIX and Windows working methods and Red Hat Enterprise Linux merchandise , Red Hat OpenShift, Apache ActiveMQ and Red Hat JBoss A-MQ.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability could be discovered right here: Red Hat Security Advisory RHSA-2024:3354 (From 24 May 2024). Some helpful sources are listed later on this article.
Apache ActiveMQ Security Advisory – Risk: High
Risk stage: 4 (excessive)
CVSS Base Score: 8.8
CVSS provisional rating: 7,7
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of safety vulnerabilities in laptop methods. The CVSS normal makes it potential to match potential or precise safety dangers primarily based on varied standards to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporary scores additionally have in mind modifications over time within the danger state of affairs. The severity of the present vulnerability is classed as “excessive” in response to the CVSS with a base rating of 8.8.
Apache ActiveMQ Bug: Vulnerability permits code execution
Apache ActiveMQ is an open supply message dealer that manages the transport of messages between completely different methods.
A distant, privileged attacker might exploit a vulnerability in Apache ActiveMQ to execute arbitrary code.
Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) ID quantity. CVE-2022-41678 on the market.
Systems affected by the safety hole at a look
Operating methods
Linux, UNIX, Windows
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Red Hat OpenShift Container Platform 4 (cpe:/a:redhat:openshift)
Apache ActiveMQ Apache ActiveMQ Apache ActiveMQ Apache ActiveMQ Red Hat JBoss A-MQ Broker
Common steps to handle IT safety gaps
- Users of affected methods ought to keep up-to-date. When safety holes are identified, producers are required to repair them shortly by growing a patch or workaround. When new safety updates can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This usually comprises further details about the newest model of the software program in query and the supply of safety patches or efficiency suggestions.
- If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to usually test the desired sources to see if a brand new safety replace is offered.
Sources for updates, patches and workarounds
Here you will see some hyperlinks with details about bug stories, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3354 vom 2024-05-24 (23.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2944 vom 2024-05-21 (21.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:2945 vom 2024-05-21 (21.05.2024)
For extra data, see:
NIST Vulnerability Database vom 2023-11-28 (28.11.2023)
For extra data, see:
ActiveMQ Security Advisory vom 2023-11-28 (28.11.2023)
For extra data, see:
Version historical past of this safety alert
This is model 3 of this Apache ActiveMQ IT safety discover. This doc will likely be up to date as extra updates are introduced. You can examine modifications or additions on this model historical past.
November 28, 2023 – First model
May 21, 2024 – New updates from Red Hat added
05/23/2024 – New updates from Red Hat added
+++ Editorial observe: This doc is predicated on present BSI knowledge and will likely be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you will see sizzling information, present movies and a direct line to the editorial workforce.
kns/roj/information.de