Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache TomEE 授权问题漏洞
Vulnerability Description
Apache TomEE是美国阿帕奇软件(Apache)基金会的一款轻量级的Java EE应用程序服务器。 Apache TomEE存在授权问题漏洞,该漏洞源于使用嵌入式ActiveMQ代理,并且代理配置错误,在TCP端口1099上打开JMX端口,且该端口不包含身份验证。以下产品及版本受到影响:Apache TomEE 8.0.0-M1版本至8.0.3版本, 7.1.0 版本至7.1.3版本, 7.0.0-M1版本至7.0.8版本, 1.0.0 版本至1.7.5 版本。
CVSS Information
N/A
Vulnerability Type
N/A