WARNING: A HIGH-SEVERITY VULNERABILITY AFFECTS APACHE ACTIVEMQ
CVE-2024-32114: CVSS 8.5 (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H)
Sources
Apache - https://activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt
Risks
Apache ActiveMQ, the Java-based message broker that connects components across different servers and programming languages, is affected by a vulnerability that allows an attacker to gain unauthorized access to two of the product's critical APIs.
The vulnerability has a low attack complexity, requires no privileges, and has a high impact on Confidentiality and Availability. The CVSS vector rates the attack vector as adjacent network and user interaction as required; these are scoring assumptions, not a limit on where the exposed APIs can be reached from, so remediation should not be deprioritized where the broker's web console is reachable from untrusted networks.
Description
CVE-2024-32114: Unauthorized access
An insecure default configuration of the embedded web console allows an attacker to reach the critical APIs "Jolokia JMX REST" and "Message REST" without any authentication.
Anyone who can reach the broker's web interface can therefore interact with the broker (using the Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API).
This vulnerability exposes systems to significant risks, including unauthorized data access, data manipulation, and service interruptions.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for any of the vulnerable software mentioned in the present advisory; the fixed release is named in the Apache announcement listed under Sources.
Mitigation
If patching cannot be done immediately, the exposure can be closed in the default conf/jetty.xml by widening the existing security constraint mapping so that the whole web context, including the /api paths that serve both REST APIs, requires authentication. Set the pathSpec of the securityConstraintMapping bean to "/":

    <bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="securityConstraint" />
        <property name="pathSpec" value="/" />
    </bean>

The change takes effect after the broker is restarted. Verify it by sending an unauthenticated request to the Jolokia or Message REST API and confirming that the response is now HTTP 401 instead of a successful reply. This is a workaround only; installing the fixed release remains the recommended action.
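The following script is an added example written for this advisory; it is not code from the CCB or from the Apache ActiveMQ project. It sends unauthenticated GET requests to the two API paths and reports whether Jetty now rejects them with 401. It assumes the web console listens on the default http://localhost:8161, that the APIs live under /api/jolokia and /api/message, and that the Message REST servlet accepts a readTimeout query parameter in milliseconds; the queue name used for the probe is a placeholder.

```python
import json
import sys
import urllib.error
import urllib.request

# Read-only Jolokia request: returns the agent version and touches no MBean state.
JOLOKIA_PATH = "/api/jolokia/version"
# A GET on the Message REST API consumes one message from the named queue, so the
# probe targets a placeholder queue and asks the servlet to wait only 1 ms
# (assumption: readTimeout is accepted in milliseconds, as in the ActiveMQ REST docs).
MESSAGE_PATH = "/api/message/CVE-2024-32114-probe?type=queue&readTimeout=1"
DEFAULT_BASE_URL = "http://localhost:8161"  # assumption: default web console port


def classify(status):
    """Verdict for the status of an *unauthenticated* request.

    401 means Jetty's security constraint covered the path, i.e. the mitigation
    is in place. Any other HTTP status means the request reached the servlet
    without credentials, so the API is still exposed. None means no answer."""
    if status is None:
        return "unreachable"
    if status == 401:
        return "protected"
    return "exposed"


def jolokia_reports_ok(body):
    """True if the body is a Jolokia JSON envelope with its own status 200,
    which confirms the Jolokia agent handled the request (not an error page)."""
    try:
        return json.loads(body).get("status") == 200
    except (ValueError, TypeError, AttributeError):
        return False


def fetch(url, timeout=5.0, opener=urllib.request.urlopen):
    """Unauthenticated GET returning (status, body); a 401 arrives as HTTPError.
    `opener` is injectable so the logic can be exercised without a broker."""
    req = urllib.request.Request(url, headers={"User-Agent": "activemq-api-auth-check"})
    try:
        with opener(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None, ""


def check_broker(base_url, opener=urllib.request.urlopen):
    """Probe both APIs and return a {path: verdict} mapping."""
    results = {}
    for path in (JOLOKIA_PATH, MESSAGE_PATH):
        status, body = fetch(base_url.rstrip("/") + path, opener=opener)
        verdict = classify(status)
        # A 200 without a Jolokia envelope was still served without auth, but
        # flag it so the operator looks at what actually answered.
        if path == JOLOKIA_PATH and verdict == "exposed" and not jolokia_reports_ok(body):
            verdict = "exposed (no Jolokia envelope, inspect manually)"
        results[path] = verdict
    return results


if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_BASE_URL
    for path, verdict in check_broker(base).items():
        print(f"{verdict:<12} {base}{path}")
```

Run it against the broker before and after editing jetty.xml (python3 check_activemq_api_auth.py http://broker:8161); both paths should move from "exposed" to "protected". Any status other than 401 is treated as exposed on purpose: a 200, 204 or even a 500 all prove the request reached the servlet without credentials.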
Monitor/Detect
The CCB recommends that organizations strengthen their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
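To make the detection recommendation concrete, the following is an added example (not part of the CCB advisory) that scans web server request log lines for the pattern the Description section implies: requests that reached /api/jolokia or /api/message and were served although no authenticated user is recorded. It assumes the embedded Jetty writes an NCSA-style request log, in which the remote-user field is "-" when no credentials were accepted; the log lines embedded in the script are constructed for illustration, and the queue name ORDERS is a placeholder.

```python
import re
from collections import Counter

# NCSA common log layout: host ident user [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)
# Web context paths that CVE-2024-32114 leaves unauthenticated by default.
WATCHED_PREFIXES = ("/api/jolokia", "/api/message")
# Methods with side effects on the Message REST API (POST produces, DELETE
# consumes/removes); a POST to Jolokia is its JSON request form, so both
# methods count as high severity on either path.
HIGH_SEVERITY_METHODS = {"POST", "DELETE"}

# Constructed sample, not a capture from a real broker. Host 10.0.0.42 is the
# anonymous client; svc-orders is a legitimate authenticated producer.
SAMPLE_LOG = """\
10.0.0.7 - - [15/May/2024:09:14:01 +0000] "GET /admin/ HTTP/1.1" 401 0
10.0.0.7 - admin [15/May/2024:09:14:05 +0000] "GET /admin/queues.jsp HTTP/1.1" 200 7310
10.0.0.42 - - [15/May/2024:09:15:12 +0000] "GET /api/jolokia/read/org.apache.activemq:type=Broker,brokerName=localhost HTTP/1.1" 200 2048
10.0.0.42 - - [15/May/2024:09:15:13 +0000] "POST /api/jolokia/ HTTP/1.1" 200 512
10.0.0.42 - - [15/May/2024:09:15:20 +0000] "DELETE /api/message/ORDERS?type=queue HTTP/1.1" 200 0
10.0.0.9 - svc-orders [15/May/2024:09:16:00 +0000] "POST /api/message/ORDERS?type=queue HTTP/1.1" 200 0
10.0.0.42 - - [15/May/2024:09:17:44 +0000] "GET /api/jolokia/version HTTP/1.1" 401 0
"""


def parse_line(line):
    """Parse one NCSA line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_unauthenticated_api_hit(rec):
    """A watched API path answered with anything but 401/403 while the
    remote-user field is empty: the request was served without auth."""
    return (rec["path"].startswith(WATCHED_PREFIXES)
            and rec["user"] == "-"
            and rec["status"] not in (401, 403))


def find_unauthenticated_api_access(log_text):
    """Return the matching records, each tagged with a severity."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_unauthenticated_api_hit(rec):
            rec["severity"] = "high" if rec["method"] in HIGH_SEVERITY_METHODS else "medium"
            hits.append(rec)
    return hits


def hits_per_source(hits):
    """Count anonymous API hits per client address, for triage."""
    return Counter(h["host"] for h in hits)


if __name__ == "__main__":
    found = find_unauthenticated_api_access(SAMPLE_LOG)
    for h in found:
        print(f"{h['severity']:<6} {h['host']:<10} {h['method']:<6} {h['path']} -> {h['status']}")
    print(dict(hits_per_source(found)))
```

With the vulnerable default, Jetty never authenticates requests under /api, so every hit there is logged with user "-" even when the client sent credentials; after the jetty.xml mitigation, legitimate clients appear with a user name and anonymous attempts receive 401. The rule therefore stays useful on both sides of the fix: before, it lists who used the open APIs; after, it should go quiet.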
References
SOCRadar - https://socradar.io/new-high-severity-vulnerability-in-apache-activemq-p...