While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-1379 While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.
Github GHSA Github GHSA GHSA-q7fr-vqhq-v5xr Apache ActiveMQ Artemis vulnerable to Improper Access Control
Fixes

Solution

No solution given by the vendor.


Workaround

Upgrade to Apache ActiveMQ Artemis 2.16.0

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-02-13T16:27:51.360Z

Reserved: 2021-01-25T00:00:00.000Z

Link: CVE-2021-26118

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-01-27T19:15:13.780

Modified: 2024-11-21T05:55:54.040

Link: CVE-2021-26118

cve-icon Redhat

Severity : Important

Publid Date: 2020-10-28T12:25:00Z

Links: CVE-2021-26118 - Bugzilla

cve-icon OpenCVE Enrichment

No data.