Vulnerability Name:

CVE-2020-13931 (CCN-193254)

Assigned:2020-12-16
Published:2020-12-16
Updated:2020-12-23
Summary:If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-13931

Source: XF
Type: UNKNOWN
apache-cve202013931-sec-bypass(193254)

Source: MLIST
Type: Mailing List, Vendor Advisory
[tomee-dev] 20201222 Re: CVE-2020-13931 is Fake vulnerability

Source: MLIST
Type: Vendor Advisory
[tomee-dev] 20201223 Re: CVE-2020-13931 is Fake vulnerability

Source: MISC
Type: Mailing List, Vendor Advisory
https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E

Source: CCN
Type: oss-sec Mailing List, Wed, 16 Dec 2020 16:31:08 +0000
CVE-2020-13931 Apache TomEE - Incorrect config on JMS Resource Adapter can lead to JMX being enabled

Source: CCN
Type: Apache Web site
Apache TomEE

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:tomee:*:*:*:*:*:*:*:* (Version >= 1.0.0 and <= 1.7.5)
  • OR cpe:/a:apache:tomee:*:*:*:*:*:*:*:* (Version >= 7.0.0 and <= 7.0.8)
  • OR cpe:/a:apache:tomee:7.0.0:m1:*:*:*:*:*:*
  • OR cpe:/a:apache:tomee:7.0.0:m2:*:*:*:*:*:*
  • OR cpe:/a:apache:tomee:7.0.0:m3:*:*:*:*:*:*
  • OR cpe:/a:apache:tomee:*:*:*:*:*:*:*:* (Version >= 7.1.0 and <= 7.1.3)
  • OR cpe:/a:apache:tomee:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.0.3)
  • OR cpe:/a:apache:tomee:8.0.0:m1:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:apache:tomee:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomee:1.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomee:7.0.0:m1:*:*:*:*:*:*
  • OR cpe:/a:apache:tomee:7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomee:8.0.0:m1:*:*:*:*:*:*
  • OR cpe:/a:apache:tomee:7.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomee:7.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:tomee:8.0.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    apache tomee *
    apache tomee *
    apache tomee 7.0.0 m1
    apache tomee 7.0.0 m2
    apache tomee 7.0.0 m3
    apache tomee *
    apache tomee *
    apache tomee 8.0.0 m1
    apache tomee 1.0.0
    apache tomee 1.7.5
    apache tomee 7.0.0 m1
    apache tomee 7.1.0
    apache tomee 8.0.0 m1
    apache tomee 7.0.8
    apache tomee 7.1.3
    apache tomee 8.0.3