{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-13920", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "dateUpdated": "2024-08-04T12:32:14.288Z", "dateReserved": "2020-06-08T00:00:00.000Z", "datePublished": "2020-09-10T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-11-20T22:06:16.750Z"}, "descriptions": [{"lang": "en", "value": "Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12."}], "affected": [{"vendor": "n/a", "product": "Apache ActiveMQ", "versions": [{"version": "Apache ActiveMQ version prior to 5.15.12", "status": "affected"}]}], "references": [{"url": "http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt"}, {"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2400-1] activemq security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"}, {"name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"}, {"name": "[debian-lts-announce] 20231120 [SECURITY] [DLA 3657-1] activemq security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Man In The Middle attack vulnerability"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:32:14.288Z"}, "title": "CVE Program Container", "references": [{"url": "http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2400-1] activemq security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_transferred"]}, {"name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"}, {"name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"}, {"name": "[debian-lts-announce] 20231120 [SECURITY] [DLA 3657-1] activemq security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "matchCriteriaId": "B27C7324-562F-46E8-B69D-EE68D2F8CAA4", "versionEndExcluding": "5.15.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780", "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12."}, {"lang": "es", "value": "Apache ActiveMQ usa la funci\u00f3n LocateRegistry.createRegistry() para crear el registro RMI de JMX y vincular el servidor a la entrada \"jmxrmi\". Es posible conectarse al registro sin autenticaci\u00f3n y llamar al m\u00e9todo rebind para volver a vincular jmxrmi a otra cosa. Si un atacante crea otro servidor como proxy del original y lo enlaza, efectivamente se convierte en un ataque de tipo man in the middle y es capaz de interceptar las credenciales cuando un usuario se conecta. Actualice a Apache ActiveMQ versi\u00f3n 5.15.12"}], "id": "CVE-2020-13920", "lastModified": "2024-11-21T05:02:09.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-10T19:15:13.160", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html"}, {"source": "security@apache.org", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:3140", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "activemq", "product_name": "Red Hat Fuse 7.9", "release_date": "2021-08-11T00:00:00Z"}, {"advisory": "RHSA-2021:3205", "cpe": "cpe:/a:redhat:integration:1", "impact": "low", "package": "activemq", "product_name": "Red Hat Integration", "release_date": "2021-08-18T00:00:00Z"}, {"advisory": "RHSA-2021:3207", "cpe": "cpe:/a:redhat:camel_quarkus:2", "impact": "low", "package": "activemq", "product_name": "Red Hat Integration Camel Quarkus 1", "release_date": "2021-08-18T00:00:00Z"}], "bugzilla": {"description": "activemq: improper authentication allows MITM attack", "id": "1880101", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880101"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-287", "details": ["Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.", "Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects."], "name": "CVE-2020-13920", "package_state": [{"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "mqtt-client", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:jboss_developer_studio:12.", "fix_state": "Affected", "package_name": "activemq", "product_name": "Red Hat CodeReady Studio 12"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "activemq-artemis", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Out of support scope", "package_name": "activemq", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "activemq-artemis", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "activemq-artemis", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_cd", "fix_state": "Out of support scope", "package_name": "activemq-artemis", "product_name": "Red Hat JBoss Enterprise Application Platform Continuous Delivery"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "activemq", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "activemq", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "activemq-artemis", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "activemq-artemis", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "eap7-activemq-artemis", "product_name": "Red Hat Virtualization 4"}], "public_date": "2020-09-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-13920\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13920"], "threat_severity": "Moderate"}

{}