DEBIAN-CVE-2021-26117

DEBIAN-CVE-2021-26117 PUBLISHED CVSS 7.5 HIGH

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products

Vendor	Product	Versions
Debian:13	activemq	0, 0, 0
Debian:12	activemq	0, 0, 0
Debian:11	activemq	0, 0, 0

Timeline

Jan 27, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-26117 advisory

Open in Interactive Console →