VYPR
Critical severityNVD Advisory· Published Dec 17, 2020· Updated Aug 4, 2024

CVE-2020-13931

CVE-2020-13931

Description

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomee:apache-tomeeMaven
>= 8.0.0, < 8.0.48.0.4
org.apache.tomee:apache-tomeeMaven
>= 7.1.0, < 7.1.47.1.4
org.apache.tomee:apache-tomeeMaven
< 7.0.97.0.9

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.