QID 980990
QID 980990: Java (maven) Security Update for org.apache.activemq:activemq-client (GHSA-m9w8-v359-9ffr)
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.
Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.
Solution
Customers are advised to refer to GHSA-m9w8-v359-9ffr for updates pertaining to this vulnerability.
Vendor References
- GHSA-m9w8-v359-9ffr -
github.com/advisories/GHSA-m9w8-v359-9ffr
CVEs related to QID 980990
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-m9w8-v359-9ffr | org.apache.activemq:activemq-client |
|