Lucene search

GoogleOSV:CVE-2021-26117

HistoryJan 27, 2021 - 7:15 p.m.

CVE-2021-26117

2021-01-2719:15:13

Google

osv.dev

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.3%

JSON

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

CPENameOperatorVersion
activemqeq2.9.0
activemqeqactivemq-5.15.3
activemqeq2.1.0
activemqeqactivemq-5.15.4
activemqeqactivemq-5.15.9
activemqeq2.14.0
activemqeq2.8.1
activemqeq1.5.1
activemqeqactivemq-5.15.13
activemqeqactivemq-5.15.6

Name	Operator	Version
activemq	eq	2.9.0
activemq	eq	activemq-5.15.3
activemq	eq	2.1.0
activemq	eq	activemq-5.15.4
activemq	eq	activemq-5.15.9
activemq	eq	2.14.0
activemq	eq	2.8.1
activemq	eq	1.5.1
activemq	eq	activemq-5.15.13
activemq	eq	activemq-5.15.6

Rows per page:

1-10 of 391

References

lists.apache.org/thread.html/r110cacfa754471361234965ffe851a046e302ff2693b055f49f47b02%40%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r22cdc0fb45e223ac92bc2ceff7af92f1193dfc614c8b248534456229%40%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r3341d96d8f956e878fb7b463b08d57ca1d58fec9c970aee929b58e0d%40%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r519bfafd67091d0b91243efcb1c49b1eea27321355ba5594f679277d%40%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r5899ece90bcae5805ad6142fdb05c58595cff19cb2e98cc58a91f55b%40%3Cgitbox.activemq.apache.org%3E

lists.apache.org/thread.html/r70389648227317bdadcdecbd9f238571a6047469d156bd72bb0ca2f7%40%3Cgitbox.activemq.apache.org%3E

lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

lists.apache.org/thread.html/ra255ddfc8b613b80e9fa22ff3e106168b245f38a22316bfb54d21159%40%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/raea451de09baed76950d6a60cc4bb1b74476c505e03205a3c68c9808%40%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/rd05b1c9d61dbd220664d559aa0e2b55e5830f006a09e82057f3f7863%40%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/rd75600cee29cb248d548edcf6338fe296466d63a69e2ed0afc439ec7%40%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/re1b98da90a5f2e1c2e2d50e31c12e2578d61fe01c0737f9d0bd8de99%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/rec93794f8aeddf8a5f1a643d264b4e66b933f06fd72a38f31448f0ac%40%3Cgitbox.activemq.apache.org%3E

lists.apache.org/thread.html/rffa5cd05d01c4c9853b17f3004d80ea6eb8856c422a8545c5f79b1a6%40%3Ccommits.activemq.apache.org%3E

lists.debian.org/debian-lts-announce/2021/03/msg00005.html

lists.debian.org/debian-lts-announce/2023/11/msg00013.html

mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3cCAH+vQmMeUEiKN4wYX9nLBbqmFZFPXqajNvBKmzb2V8QZANcSTA%40mail.gmail.com%3e

security.netapp.com/advisory/ntap-20210304-0008/

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpuoct2021.html