The Java OpenWire protocol marshaller is vulnerable to Remote Code
Execution. This vulnerability may allow a remote attacker with network
access to either a Java-based OpenWire broker or client to run arbitrary
shell commands by manipulating serialized class types in the OpenWire
protocol to cause either the client or the broker (respectively) to
instantiate any class on the classpath.
Users are recommended to upgrade
both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3
which fixes this issue.
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 01:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-10-27T14:59:31.046Z
Updated: 2024-08-02T20:45:42.299Z
Reserved: 2023-10-24T08:55:31.050Z
Link: CVE-2023-46604
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-10-27T15:15:14.017
Modified: 2024-11-21T08:28:52.810
Link: CVE-2023-46604
Redhat