| Vulnerability Name: | CVE-2021-26118 (CCN-195731) | ||||||||||||
| Assigned: | 2021-01-27 | ||||||||||||
| Published: | 2021-01-27 | ||||||||||||
| Updated: | 2022-08-01 | ||||||||||||
| Summary: | While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. | ||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-26118 Source: CCN Type: Apache Web site Apache ActiveMQ Artemis Source: XF Type: UNKNOWN apache-cve202126118-sec-bypass(195731) Source: MLIST Type: Mailing List, Patch, Vendor Advisory [announce] 20210127 CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support Source: MISC Type: Mailing List, Vendor Advisory https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E Source: CCN Type: oss-sec Mailing List, Wed, 27 Jan 2021 15:54:48 +0000 CVE-2021-26118: Flaw in ActiveMQ Artemis OpenWire support Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20210827-0002/ Source: CCN Type: WhiteSource Vulnerability Database CVE-2021-26118 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||