Apache ActiveMQ 5.18.x Support

Common Vulnerabilities & Exposures (CVE)

First release: 2023-03-18

Support Lifecycle: Full Support

CVEs: 3

Namespace: javax

Get Support

What Versions do we cover?

5.18.0

5.18.1

5.18.2

5.18.3

5.18.6

5.18.5

5.18.7

5.18.4

Latest Apache ActiveMQ 5.18.x CVEs

CVE

Severity

Description

Category

Affected

CVE-2023-46604

2023-10-24

10.0

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

data operational

7.5

In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

5.3

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

data operational

Denial-of-service vulnerability

Details

Most Critical Apache ActiveMQ 5.18.x CVEs

CVE

Severity

Description

What We Deliver

Migration support

Production & Development support

1 hr response-time

Unlimited support incidents

5 languages supported

Fast bug fixes & security patch turnaround

Enterprise Support Details

Subscription Level

Bronze

Silver

Gold

Core Count

64 cores

120 cores

248 cores

Apache Tomcat

✓

Apache TomEE

✓

Apache ActiveMQ

✓

Tribestream API Gateway

✓

SLA

24x7

Response Time

1hr

Incidents

unlimited

CVE Patching

unlimited

Developer Questions

1 parallel

2 parallel

4 parallel

Admin Contacts

Phone, Email, Portal

✓

Professional Services

3 days

5 days

10 days

Training

2 days

3 days

5 days

Feature Development

10 days

17 days

25 days

Apache ActiveMQ 5.18.x Support

Common Vulnerabilities & Exposures (CVE)

What Versions do we cover?

Latest Apache ActiveMQ 5.18.x CVEs

Most Critical Apache ActiveMQ 5.18.x CVEs

What We Deliver

Migration support

Production & Development support

1 hr response-time

Unlimited support incidents

5 languages supported

Fast bug fixes & security patch turnaround

Enterprise Support Details

Tomitribe

Services

Open Source