Maven package
org.apache.activemq/artemis-server
pkg:maven/org.apache.activemq/artemis-server
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27446 | Cri | 9.8 | >= 2.11.0, <= 2.44.0 | — | Mar 4, 2026 | Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rog | |
| CVE-2025-27427 | Med | 4.3 | >= 2.0.0, < 2.40.0 | 2.40.0 | Apr 1, 2025 | A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular ad | |
| CVE-2022-35278 | Med | 6.1 | < 2.24.0 | 2.24.0 | Aug 23, 2022 | In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. |
- affected >= 2.11.0, <= 2.44.0
Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemis. An unauthenticated remote attacker can use the Core protocol to force a target broker to establish an outbound Core federation connection to an attacker-controlled rog
- affected >= 2.0.0, < 2.40.0fixed 2.40.0
A vulnerability exists in Apache ActiveMQ Artemis whereby a user with the createDurableQueue or createNonDurableQueue permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for that particular ad
- affected < 2.24.0fixed 2.24.0
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.