image credit: Adobe Stock

Critical Apache ActiveMQ flaw under attack by ‘clumsy’ ransomware crims

November 2, 2023

Security researchers have confirmed that ransomware criminals are capitalizing on a maximum-severity vulnerability in Apache ActiveMQ.

Announced on October 25 and tracked as CVE-2023-46604, the insecure deserialization vulnerability allows for remote code execution (RCE) on affected versions.

“Apache ActiveMQ is vulnerable to remote code execution,” Apache said in its advisory. “The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.”

Read More on The Register