CVE-2020-1941

Summary

CVE	CVE-2020-1941
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-05-14 17:15:00 UTC
Updated	2023-11-07 03:19:00 UTC
Description	In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Activemq	All	All	All	All
Application	Oracle	Communications Diameter Signaling Router	All	All	All	All
Application	Oracle	Communications Element Manager	8.1.1	All	All	All
Application	Oracle	Communications Element Manager	8.2.0	All	All	All
Application	Oracle	Communications Element Manager	8.2.1	All	All	All
Application	Oracle	Communications Element Manager	8.1.1	All	All	All
Application	Oracle	Communications Element Manager	8.2.0	All	All	All
Application	Oracle	Communications Element Manager	8.2.1	All	All	All
Application	Oracle	Communications Session Report Manager	8.1.1	All	All	All
Application	Oracle	Communications Session Report Manager	8.2.0	All	All	All
Application	Oracle	Communications Session Report Manager	8.2.1	All	All	All
Application	Oracle	Communications Session Report Manager	8.1.1	All	All	All
Application	Oracle	Communications Session Report Manager	8.2.0	All	All	All
Application	Oracle	Communications Session Report Manager	8.2.1	All	All	All
Application	Oracle	Communications Session Route Manager	8.1.1	All	All	All
Application	Oracle	Communications Session Route Manager	8.2.0	All	All	All
Application	Oracle	Communications Session Route Manager	8.2.1	All	All	All
Application	Oracle	Communications Session Route Manager	8.1.1	All	All	All
Application	Oracle	Communications Session Route Manager	8.2.0	All	All	All
Application	Oracle	Communications Session Route Manager	8.2.1	All	All	All
Application	Oracle	Enterprise Repository	11.1.1.7.0	All	All	All
Application	Oracle	Enterprise Repository	11.1.1.7.0	All	All	All
Application	Oracle	Flexcube Private Banking	12.0.0	All	All	All
Application	Oracle	Flexcube Private Banking	12.1.0	All	All	All
Application	Oracle	Flexcube Private Banking	12.0.0	All	All	All
Application	Oracle	Flexcube Private Banking	12.1.0	All	All	All

References

Reference	Source	Link	Tags
Pony Mail!		lists.apache.org
Oracle Critical Patch Update Advisory - July 2020	MISC	www.oracle.com	Third Party Advisory
Oracle Critical Patch Update Advisory - October 2020	MISC	www.oracle.com	Third Party Advisory
activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt	MISC	activemq.apache.org	Vendor Advisory
Oracle Critical Patch Update Advisory - July 2021	N/A	www.oracle.com
[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947		lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org	Mailing List, Patch, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Pony Mail!	MLIST	lists.apache.org	Mailing List, Vendor Advisory
Oracle Critical Patch Update Advisory - April 2021	MISC	www.oracle.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

982249 Java (maven) Security Update for org.apache.activemq:activemq-web-console (GHSA-cc94-3v9c-7rm8)