SymmetricalDataSecurity: Security Bulletin: CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker

Tuesday, August 4, 2020

Security Bulletin: CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker

Aug 4, 2020 8:00 pm EDT

Share this post:

CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
UCD – IBM UrbanCode Deploy	6.2.7.4
UCD – IBM UrbanCode Deploy	6.2.7.3
UCD – IBM UrbanCode Deploy	7.0.4.0
UCD – IBM UrbanCode Deploy	7.0.3.0
UCD – IBM UrbanCode Deploy	All

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6233386

from IBM Product Security Incident Response Team https://ift.tt/2EOkAkZ

SymmetricalDataSecurity

Tuesday, August 4, 2020

Security Bulletin: CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews