Apache ActiveMQ Remote Code Execution Vulnerability
Content

Priority: Critical

Status: In Progress - Undergoing Analysis

 

First Published: 4 December, 2023

Advisory Version: 1.0

References:  CVE-2023-46604

Summary

A remote code execution vulnerability was recently discovered that affects certain versions of Apache ActiveMQ.  Specifically, this vulnerability could allow a remote attacker who has network access to a Java-based OpenWire broker or client to execute arbitrary shell commands.

Affected Products

Vulnerable Products

Product Fixed Release Version
Software
Hitachi Ops Center Administrator An affected version of Apache ActiveMQ is used.
A fixed version is currently being developed and tested.

 

Products Confirmed Not Vulnerable

At the time of this advisory's publication, only products listed in the Vulnerable Products section above are confirmed to be affected by this vulnerability.

 

Recommended Actions

Fixed Software

Hitachi Vantara is currently developing and testing a fix for this vulnerability. Please continue to check this advisory for any new information regarding the release schedule of the fixed version of Hitachi Ops Center Administrator.

 

If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.

The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.

Attachments
CXone Metadata