PULSE
EN VIVO37señales / 24h
FEED
ransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Foundransomthegentlemen reclama a Tangram Interiors · GB · Business Servicesransomthegentlemen reclama a BRAC · BD · Business Servicesransomthegentlemen reclama a Customs Watch · US · Public Sectorransomthegentlemen reclama a Gallant · FI · Not Foundransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Foundransomthegentlemen reclama a Tangram Interiors · GB · Business Servicesransomthegentlemen reclama a BRAC · BD · Business Servicesransomthegentlemen reclama a Customs Watch · US · Public Sectorransomthegentlemen reclama a Gallant · FI · Not Found
← Todos los CVEs
CVE Watch

CVE-2023-46604

Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

CVSS

Sin CVSS

EPSS

99.7%

p100

KEV

2 nov 2023

Exploit Today

80

0-100

Publicado: · Última mod.:

EPSS · 30d
99.7%EPSS · 30 días99.7%
2026-06-302026-07-16
Ficha del catálogo KEV

Producto

Apache / ActiveMQ

Vulnerabilidad

Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

Añadido a KEV

2 nov 2023

Remediar antes de

23 nov 2023

Uso conocido en ransomware

Descripción resumida

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

Acción requerida

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notas

https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt; https://nvd.nist.gov/vuln/detail/CVE-2023-46604

CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2016-3088
99.9%
KEV80Apache ActiveMQ Improper Input Validation Vulnerability
CVE-2026-341978.8 ALT
99.9%
KEV80Apache ActiveMQ Improper Input Validation Vulnerability2d