#VU50074 Improper access control in ActiveMQ Artemis - CVE-2021-26118
Published: January 27, 2021 / Updated: January 28, 2021
Vulnerability identifier: #VU50074
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-26118
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ActiveMQ Artemis
ActiveMQ Artemis
Software vendor:
Apache Foundation
Apache Foundation
Description
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. The creation of advisory messages in the OpenWire protocol head of
Apache ActiveMQ Artemis bypasses policy based access control for
the entire session. A remote user can bypass implemented security restrictions.
Remediation
Install updates from vendor's website.