{"containers": {"cna": {"affected": [{"product": "Apache ActiveMQ Artemis", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.16.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Apache ActiveMQ  would like to thank Francesco Marchioni (Red Hat) for reporting this issue."}], "descriptions": [{"lang": "en", "value": "While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2024-08-03T20:20:55.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E"}, {"name": "[announce] 20210127 CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rafd5d7cf303772a0118865262946586921a65ebd98fc24f56c812574%40%3Cannounce.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210827-0002/"}], "source": {"defect": ["https://issues.apache.org/jira/browse/ARTEMIS-2964"], "discovery": "UNKNOWN"}, "title": "Flaw in ActiveMQ Artemis OpenWire support", "workarounds": [{"lang": "en", "value": "Upgrade to Apache ActiveMQ Artemis 2.16.0"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-26118", "STATE": "PUBLIC", "TITLE": "Flaw in ActiveMQ Artemis OpenWire support"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache ActiveMQ Artemis", "version": {"version_data": [{"version_affected": "<", "version_value": "2.16.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Apache ActiveMQ  would like to thank Francesco Marchioni (Red Hat) for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E", "refsource": "MISC", "url": "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E"}, {"name": "[announce] 20210127 CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rafd5d7cf303772a0118865262946586921a65ebd98fc24f56c812574@%3Cannounce.apache.org%3E"}, {"name": "https://security.netapp.com/advisory/ntap-20210827-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210827-0002/"}]}, "source": {"defect": ["https://issues.apache.org/jira/browse/ARTEMIS-2964"], "discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Upgrade to Apache ActiveMQ Artemis 2.16.0"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:19:20.389Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E"}, {"name": "[announce] 20210127 CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rafd5d7cf303772a0118865262946586921a65ebd98fc24f56c812574%40%3Cannounce.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210827-0002/"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-26118", "datePublished": "2021-01-27T18:55:13.000Z", "dateReserved": "2021-01-25T00:00:00.000Z", "dateUpdated": "2025-02-13T16:27:51.360Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq_artemis:2.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AB11579-9019-4496-9845-508690C14608", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error."}, {"lang": "es", "value": "Al investigar ARTEMIS-2964, se detect\u00f3 que la creaci\u00f3n de mensajes de aviso en el encabezado del protocolo OpenWire de Apache ActiveMQ Artemis versi\u00f3n 2.15.0, omiti\u00f3 el control de acceso basado en pol\u00edticas para toda la sesi\u00f3n. La producci\u00f3n de mensajes de aviso no estuvo sujeta al control de acceso por error"}], "id": "CVE-2021-26118", "lastModified": "2024-11-21T05:55:54.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-27T19:15:13.780", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rafd5d7cf303772a0118865262946586921a65ebd98fc24f56c812574%40%3Cannounce.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210827-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rafd5d7cf303772a0118865262946586921a65ebd98fc24f56c812574%40%3Cannounce.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210827-0002/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Francesco Marchioni (Red Hat).", "affected_release": [{"advisory": "RHSA-2020:5365", "cpe": "cpe:/a:redhat:amq_broker:7", "product_name": "Red Hat AMQ", "release_date": "2020-12-08T00:00:00Z"}, {"advisory": "RHSA-2021:0417", "cpe": "cpe:/a:redhat:amq_broker:7", "product_name": "Red Hat AMQ 7.8.1", "release_date": "2021-02-04T00:00:00Z"}], "bugzilla": {"description": "7: OpenWire can create destinations with an unpriviledged user", "id": "1892384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892384"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-285", "details": ["While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.", "A flaw was found in AMQ 7 broker, where it allows users using the OpenWire protocol to bypass the usual permissions checks. This flaw allows an unprivileged user to create queues without verifying the role. The highest threat from this vulnerability is to integrity."], "mitigation": {"lang": "en:us", "value": "If you are not using the openwire protocol, it can be disabled by removing it from the list of accepted protocols in the `broker.xml`\n```xml\n<acceptor name=\"artemis\">tcp://0.0.0.0:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true</acceptor>\n```"}, "name": "CVE-2021-26118", "package_state": [{"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Affected", "impact": "moderate", "package_name": "broker", "product_name": "Red Hat AMQ Broker 7"}], "public_date": "2020-10-28T12:25:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-26118\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26118"], "threat_severity": "Important"}