DEBIAN-CVE-2023-46604
PUBLISHED
CVSS 9.8 CRITICAL
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fix this issue.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | activemq | 5.17.2+dfsg, 0, * |
| Debian:13 | activemq | 0, 0, 0 |
| Debian:11 | activemq | 5.16.1-1, 0, 0 |
Exploit Intelligence
- aelshimony-cloud/OpenWire-CVE-2023-46604-Investigation (github-poc-repo)
- aelshimony-cloud/OpenWire-CVE-2023-46604-Investigation (github-poc)
- CVE-2023-46604-RCE exploit with Linux reverse shell payload (github-poc-repo)
- CVE-2023-46604-RCE exploit with Linux reverse shell payload (github-poc)
- CVE-2023-46604 (github-poc)
- Instructions for exploiting vulnerabilities CVE-2021-44228 and CVE-2023-46604 (github-poc-repo)
- activemq-rce-cve-2023-46604 (github-poc-repo)
- The script exploits an insecure deserialization vulnerability in Apache ActiveMQ (CVE-2023-46604) (github-poc-repo)
- CVE-2023-46604 (Apache ActiveMQ RCE Vulnerability) and focused on getting Indicators of Compromise. (github-poc-repo)
- ActiveMQ RCE (CVE-2023-46604) echo-based exploitation tool (github-poc-repo)
…and 60 more exploits
Timeline
- Oct 27, 2023 CVE Published
- Apr 28, 2026 CVE Updated