CVE-2020-11998
CRITICALJava - RCE
Title source: llmDescription
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13
Exploits (1)
nomisec
WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/apache__activemq_CVE-2020-11998_5-15-12
References (7)
Scores
CVSS v3
9.8
EPSS
0.0691
EPSS Percentile
91.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (9)
apache/activemq
5.15.12
oracle/communications_diameter_signaling_router
8.0.0 - 8.5.0
oracle/communications_element_manager
8.2.0 - 8.2.4.0
oracle/communications_session_report_manager
8.0.0 - 8.2.2
oracle/communications_session_route_manager
8.0.0 - 8.2.2
oracle/enterprise_repository
11.1.1.7.0
oracle/flexcube_private_banking
12.0.0
oracle/flexcube_private_banking
12.1.0
org.apache.activemq/activemq-parent
5.15.12 - 5.15.13Maven
Published
Sep 10, 2020
Tracked Since
Feb 18, 2026