CVE-2023-46604

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Apr/18	Mailing List Third Party Advisory
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt	Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html	Mailing List
https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20231110-0010/	Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/10/27/5	Mailing List
http://seclists.org/fulldisclosure/2024/Apr/18	Mailing List Third Party Advisory
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt	Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html	Mailing List
https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html	Exploit Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20231110-0010/	Third Party Advisory
https://www.openwall.com/lists/oss-security/2023/10/27/5	Mailing List

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:activemq::::::::
	cpe:2.3:a:apache:activemq::::::::
	cpe:2.3:a:apache:activemq::::::::
	cpe:2.3:a:apache:activemq::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:apache:activemq_legacy_openwire_module::::::::
	cpe:2.3:a:apache:activemq_legacy_openwire_module::::::::
	cpe:2.3:a:apache:activemq_legacy_openwire_module::::::::
	cpe:2.3:a:apache:activemq_legacy_openwire_module::::::::

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::*
	cpe:2.3:a:netapp:santricity_storage_plugin:-:::::vcenter::

History

13 Feb 2025, 18:15

Type	Values Removed	Values Added
Summary	(en) The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.	(en) The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

23 Jan 2025, 16:16

Type	Values Removed	Values Added
References	~~() https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html - Mailing List

21 Nov 2024, 08:28

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 10.0
References	~~() http://seclists.org/fulldisclosure/2024/Apr/18 - Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2024/Apr/18 - Mailing List, Third Party Advisory
References	~~() https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt - Vendor Advisory~~	() https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt - Vendor Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html - Mailing List, Third Party Advisory
References	~~() https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry~~	() https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References	~~() https://security.netapp.com/advisory/ntap-20231110-0010/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20231110-0010/ - Third Party Advisory
References	~~() https://www.openwall.com/lists/oss-security/2023/10/27/5 - Mailing List~~	() https://www.openwall.com/lists/oss-security/2023/10/27/5 - Mailing List

27 Jun 2024, 18:30

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2024/Apr/18 -~~	() http://seclists.org/fulldisclosure/2024/Apr/18 - Mailing List, Third Party Advisory
References	~~() https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html -~~	() https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html - Mailing List, Third Party Advisory
References	~~() https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html -~~	() https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References	~~() https://security.netapp.com/advisory/ntap-20231110-0010/ -~~	() https://security.netapp.com/advisory/ntap-20231110-0010/ - Third Party Advisory
References	~~() https://www.openwall.com/lists/oss-security/2023/10/27/5 -~~	() https://www.openwall.com/lists/oss-security/2023/10/27/5 - Mailing List
First Time		Netapp e-series Santricity Web Services Proxy Netapp Netapp santricity Storage Plugin Debian debian Linux Debian Netapp e-series Santricity Unified Manager
CPE		cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:::::::* cpe:2.3:a:netapp:santricity_storage_plugin:-:::::vcenter::

11 Apr 2024, 08:15

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Apr/18 -

28 Nov 2023, 15:15

Type	Values Removed	Values Added
References	{'url': 'http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html', 'name': 'http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html', 'tags': [], 'refsource': ''}	() https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html -

20 Nov 2023, 22:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html -

Information

Published : 2023-10-27 15:15

Updated : 2025-02-13 18:15

NVD link : CVE-2023-46604

Mitre link : CVE-2023-46604

CVE.ORG link : CVE-2023-46604

JSON object : View

Products Affected

debian

debian_linux

netapp

santricity_storage_plugin
e-series_santricity_unified_manager
e-series_santricity_web_services_proxy

apache

activemq
activemq_legacy_openwire_module

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2023-46604", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@apache.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-10-27T15:15:14.017", "references": [{"url": "http://seclists.org/fulldisclosure/2024/Apr/18", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20231110-0010/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.openwall.com/lists/oss-security/2023/10/27/5", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "http://seclists.org/fulldisclosure/2024/Apr/18", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20231110-0010/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openwall.com/lists/oss-security/2023/10/27/5", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The Java OpenWire protocol marshaller is vulnerable to Remote Code \nExecution. This vulnerability may allow a remote attacker with network \naccess to either a Java-based OpenWire broker or client to run arbitrary\n shell commands by manipulating serialized class types in the OpenWire \nprotocol to cause either the client or the broker (respectively) to \ninstantiate any class on the classpath.\n\nUsers are recommended to upgrade\n both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 \nwhich fixes this issue."}, {"lang": "es", "value": "Apache ActiveMQ es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad puede permitir que un atacante remoto con acceso a la red de un corredor ejecute comandos de shell arbitrarios manipulando tipos de clases serializadas en el protocolo OpenWire para hacer que el corredor cree una instancia de cualquier clase en el classpath. Se recomienda a los usuarios actualizar a la versi\u00f3n 5.15.16, 5.16.7, 5.17.6 o 5.18.3, que soluciona este problema."}], "lastModified": "2025-02-13T18:15:35.243", "cisaActionDue": "2023-11-23", "cisaExploitAdd": "2023-11-02", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28B695E3-E637-44DC-BF2C-A24943EADBA1", "versionEndExcluding": "5.15.16"}, {"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8A5C039-10BA-4D0E-A243-6B313721C7FF", "versionEndExcluding": "5.16.7", "versionStartIncluding": "5.16.0"}, {"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C8395C4-40D7-4BD3-970B-3F0E32BCB771", "versionEndExcluding": "5.17.6", "versionStartIncluding": "5.17.0"}, {"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDA18155-D2AD-459A-94C7-136F981FD252", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D92110D-B913-4431-B7EB-0C949544E7B8", "versionEndExcluding": "5.15.16"}, {"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8476D8D6-8394-4CD0-9E8C-41DCD96983BE", "versionEndExcluding": "5.16.7", "versionStartIncluding": "5.16.0"}, {"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "050649B9-4196-4BA1-9323-6B49E45B2E98", "versionEndExcluding": "5.17.6", "versionStartIncluding": "5.17.0"}, {"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE9AE45E-8CDE-4083-A996-D0E90EA0A792", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C"}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41"}, {"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*", "vulnerable": true, "matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Apache ActiveMQ Deserialization of Untrusted Data Vulnerability"}

10.0 /10