VYPR
High severityNVD Advisory· Published Jun 15, 2020· Updated Aug 4, 2024

CVE-2020-11969

CVE-2020-11969

Description

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomee:tomeeMaven
>= 8.0.0-M1, < 8.0.28.0.2
org.apache.tomee:tomeeMaven
>= 7.1.0, < 7.1.37.1.3
org.apache.tomee:tomeeMaven
>= 7.0.0-M1, < 7.0.87.0.8
org.apache.tomee:tomeeMaven
>= 1.0.0, < 1.7.61.7.6

Affected products

2

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.