CRITICAL🇵🇱 Wersja polska

CVE-2014-3600

CVSS 9.8v3.0pub. 2017-10-27upd. 2026-05-13

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Activemq

    APP
    Apache
    5.0.05.1.05.10.05.2.05.3.05.3.15.3.25.4.05.4.15.4.25.4.35.5.05.5.15.6.05.7.0+ 3 więcej
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XXE
CWE
References

Related vulnerabilities

CVE-2023-46604CRITICAL10.0⚠ KEVten sam produkt

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a ...

CVE-2016-3088CRITICAL9.8⚠ KEVten sam produkt

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and exec...

CVE-2020-11998CRITICAL9.8ten sam produkt

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to ...

CVE-2013-7285CRITICAL9.8ten sam produkt

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may a...

CVE-2015-5254CRITICAL9.8ten sam produkt

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which al...