CVE-2020-13931 - OpenCVE

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Tomee

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomee::::::::
	cpe:2.3:a:apache:tomee::::::::
	cpe:2.3:a:apache:tomee::::::::
	cpe:2.3:a:apache:tomee::::::::
	cpe:2.3:a:apache:tomee:7.0.0:m1::::::
	cpe:2.3:a:apache:tomee:7.0.0:m2::::::
	cpe:2.3:a:apache:tomee:7.0.0:m3::::::
	cpe:2.3:a:apache:tomee:8.0.0:m1::::::

No data.

References

Link	Providers
https://lists.apache.org/thread.html/r7f98907165b355dc65f28a57f15103a06173ce03261115fa46d569b4%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2020-12-17T23:42:39

Updated: 2024-08-04T12:32:14.285Z

Reserved: 2020-06-08T00:00:00

Link: CVE-2020-13931

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-12-18T00:15:14.190

Modified: 2023-11-07T03:17:00.363

Link: CVE-2020-13931

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache TomEE", "vendor": "n/a", "versions": [{"status": "affected", "version": "Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5"}]}], "descriptions": [{"lang": "en", "value": "If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case."}], "problemTypes": [{"descriptions": [{"description": "Undesired port open with unauthenticated access", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-23T09:06:15", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20201222 Re: CVE-2020-13931 is Fake vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7f98907165b355dc65f28a57f15103a06173ce03261115fa46d569b4%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20201223 Re: CVE-2020-13931 is Fake vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9%40%3Cdev.tomee.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2020-13931", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache TomEE", "version": {"version_data": [{"version_value": "Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Undesired port open with unauthenticated access"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20201222 Re: CVE-2020-13931 is Fake vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7f98907165b355dc65f28a57f15103a06173ce03261115fa46d569b4@%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20201223 Re: CVE-2020-13931 is Fake vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9@%3Cdev.tomee.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:32:14.285Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20201222 Re: CVE-2020-13931 is Fake vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7f98907165b355dc65f28a57f15103a06173ce03261115fa46d569b4%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20201223 Re: CVE-2020-13931 is Fake vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9%40%3Cdev.tomee.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-13931", "datePublished": "2020-12-17T23:42:39", "dateReserved": "2020-06-08T00:00:00", "dateUpdated": "2024-08-04T12:32:14.285Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomee:*:*:*:*:*:*:*:*", "matchCriteriaId": "9836083A-FD7C-4E1B-91B1-7E41933345F1", "versionEndIncluding": "1.7.5", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomee:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6443620-3F4B-4AFE-926F-86FC3E2F3CDA", "versionEndIncluding": "7.0.8", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomee:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C6DCBEB-07E1-486B-8E2B-661E2BC48814", "versionEndIncluding": "7.1.3", "versionStartIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomee:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCDB6F9A-F6DB-418A-A113-E440EFBF9F42", "versionEndIncluding": "8.0.3", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomee:7.0.0:m1:*:*:*:*:*:*", "matchCriteriaId": "CF7BA078-B944-4A03-BC12-2DB95BD474A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomee:7.0.0:m2:*:*:*:*:*:*", "matchCriteriaId": "9E520207-5DC0-4B93-8A66-D9396EB64559", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomee:7.0.0:m3:*:*:*:*:*:*", "matchCriteriaId": "19027673-1DF2-47D6-90F2-FD59DD2E690B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomee:8.0.0:m1:*:*:*:*:*:*", "matchCriteriaId": "AADB1D64-64A7-44C8-B433-550AA6A0E6A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case."}, {"lang": "es", "value": "Si Apache TomEE versiones 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 est\u00e1 configurado para utilizar el broker ActiveMQ insertado y el broker config est\u00e1 configurado inapropiadamente, un puerto JMX es abierto en el puerto TCP 1099, que no incluye autenticaci\u00f3n. CVE-2020-11969 abord\u00f3 previamente la creaci\u00f3n de la interfaz de administraci\u00f3n JMX, sin embargo, una correcci\u00f3n incompleta no cubri\u00f3 este caso extremo"}], "id": "CVE-2020-13931", "lastModified": "2023-11-07T03:17:00.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-18T00:15:14.190", "references": [{"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r7f98907165b355dc65f28a57f15103a06173ce03261115fa46d569b4%40%3Cdev.tomee.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9%40%3Cdev.tomee.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}