If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-04T12:32:14.285Z

Reserved: 2020-06-08T00:00:00

Link: CVE-2020-13931

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-12-18T00:15:14.190

Modified: 2024-11-21T05:02:10.350

Link: CVE-2020-13931

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.