- Description
- The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
- Source
- security@apache.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Nov 2, 2023
- Exploit action due
- Nov 23, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- security@apache.org
- CWE-502
- Hype score
- Not currently trending
#opendir hosting exploit for Apache #ActiveMQ #CVE-2023-46604 172.104.160.236:8001 🇸🇬 Zip of files: https://t.co/pdeezArSf1 https://t.co/3ZxSyqfMEJ
@sicehice
29 Dec 2024
1521 Impressions
6 Retweets
28 Likes
6 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQ の脆弱性 CVE-2023-46604:Mauri ランサムウェアが悪用 https://t.co/mb9Ub6N2xk Apache ActiveMQ の脆弱性 CVE-2023-46604 ですが、すでに Mauri… https://t.co/6sk4RgFqSe
@iototsecnews
16 Dec 2024
65 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ! CVE-2023-46604 is a critical vulnerability affecting the Java OpenWire protocol used by Apache ActiveMQ. This flaw enables remote attackers with network access to execute arbitrary shell commands by… https
@Loginsoft_Inc
12 Dec 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #MediumCompleteness Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604) | 09-12-2024 Source: https://t.co/a2Px0dwVEV Key details below ↓ 🧑💻Actors/Campaigns: Andariel 💀Threats: Mauricrypt, Coinminer, Cobalt_strike, Hellokitt
@rst_cloud
11 Dec 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mauri Ransomware exploits Apache ActiveMQ flaw in its attack #MauriRansomware #ApacheActiveMQ #CVE-2023-46604 https://t.co/24fA5b6Eg6
@pravin_karthik
11 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CUIDADO: Vulneraabilidad en Apache ActiveMQ (CVE-2023-46604) está siendo explotada por Mauri Ransomware
@fcabrera222
10 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Alert: Apache ActiveMQ Vulnerability (CVE-2023-46604) 🛑 Vulnerability Details: Exploitable via OpenWire protocol by manipulating serialized class types. Allows remote code execution & arbitrary command execution. Actively exploited by groups like Andariel,… http
@GHak2learn27752
10 Dec 2024
113 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#ThreatProtection Beware: Apache ActiveMQ vulnerability (CVE-2023-46604) is reportedly being exploited by Mauri Ransomware. Read more about Symantec's protections: https://t.co/k7DilluMpA
@threatintel
10 Dec 2024
984 Impressions
2 Retweets
2 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2023-46604: Mauri Ransomware Exploits Apache ActiveMQ Flaw ⚠️This vulnerability allows attackers to execute malicious commands remotely on unpatched servers, potentially leading to data breaches, system compromises, or ransomware deployments. ZoomEye Dork👉app:"Apache… h
@zoomeye_team
9 Dec 2024
495 Impressions
2 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) https://t.co/Ig7V5QVghb The AhnLab Security Intelligence Response Center (ASEC) has revealed that threat actors exploiting a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, have begun depl…
@f1tym1
9 Dec 2024
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🗣 Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) https://t.co/QGziNVp5NT
@fridaysecurity
9 Dec 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604) Stay informed about the latest cyber threat: Mauri ransomware exploiting a critical vulnerability (CVE-2023-46604) in #Apache #ActiveMQ https://t.co/AwojUhUg5f
@the_yellow_fall
9 Dec 2024
94 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Mauri Ransomware Group Targeting Apache ActiveMQ Vulnerability (CVE-2023-46604) https://t.co/lhl7NkPpdE
@iProtectCSS
8 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ongoing attacks exploit CVE-2023-46604 in Apache ActiveMQ to install CoinMiners & Mauri ransomware on unpatched systems. Tools like Ladon & z0Miner are used. Timely updates are crucial! 🔒💻 #CVE202346604 #RansomwareThreat #ActiveMQ #ThreatResearch link: https://t.co/gDg
@TweetThreatNews
8 Dec 2024
10 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔒 Ataques detectados contra Apache ActiveMQ utilizando CVE-2023-46604 para distribuir ransomware Mauri 🚨 El Centro de Respuesta de Emergencia de Seguridad de AhnLab (ASEC) ha identificado ataques que explotan la vulnerabilidad CVE-2023-46604 en Apache ActiveMQ. Esta… https://t
@MDmanfredi
3 Dec 2024
111 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28B695E3-E637-44DC-BF2C-A24943EADBA1",
"versionEndExcluding": "5.15.16"
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8A5C039-10BA-4D0E-A243-6B313721C7FF",
"versionEndExcluding": "5.16.7",
"versionStartIncluding": "5.16.0"
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C8395C4-40D7-4BD3-970B-3F0E32BCB771",
"versionEndExcluding": "5.17.6",
"versionStartIncluding": "5.17.0"
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDA18155-D2AD-459A-94C7-136F981FD252",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.18.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D92110D-B913-4431-B7EB-0C949544E7B8",
"versionEndExcluding": "5.15.16"
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8476D8D6-8394-4CD0-9E8C-41DCD96983BE",
"versionEndExcluding": "5.16.7",
"versionStartIncluding": "5.16.0"
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "050649B9-4196-4BA1-9323-6B49E45B2E98",
"versionEndExcluding": "5.17.6",
"versionStartIncluding": "5.17.0"
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE9AE45E-8CDE-4083-A996-D0E90EA0A792",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.18.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C"
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41"
},
{
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"vulnerable": true,
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"
}
],
"operator": "OR"
}
]
}
]