Apache ActiveMQ Remote Code Execution Vulnerability
Priority: ● Critical
Status: In Progress - Undergoing Analysis
First Published: 4 December, 2023
Advisory Version: 1.0
References: CVE-2023-46604
Summary
A remote code execution vulnerability was recently discovered that affects certain versions of Apache ActiveMQ. Specifically, this vulnerability could allow a remote attacker who has network access to a Java-based OpenWire broker or client to execute arbitrary shell commands.
Affected Products
Vulnerable Products
| Product | Fixed Release Version |
| Software |
| Hitachi Ops Center Administrator | An affected version of Apache ActiveMQ is used. A fixed version is currently being developed and tested. |
Products Confirmed Not Vulnerable
At the time of this advisory's publication, only products listed in the Vulnerable Products section above are confirmed to be affected by this vulnerability.
Recommended Actions
Fixed Software
Hitachi Vantara is currently developing and testing a fix for this vulnerability. Please continue to check this advisory for any new information regarding the release schedule of the fixed version of Hitachi Ops Center Administrator.
If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.
The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.