CVE-2023-46604
Published Oct 27, 2023
Last updated 6 months ago
AI description
CVE-2023-46604 is a remote code execution (RCE) vulnerability that affects Apache ActiveMQ. It stems from the Java OpenWire protocol marshaller. A remote attacker with network access to a Java-based OpenWire broker or client can exploit this vulnerability. By manipulating serialized class types in the OpenWire protocol, the attacker can cause the broker or client to instantiate any class on the classpath, potentially leading to the execution of arbitrary shell commands. It is recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 to address this issue.
- Description
- The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- activemq, activemq_legacy_openwire_module, debian_linux, e-series_santricity_unified_manager, e-series_santricity_web_services_proxy, santricity_storage_plugin
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- Apache ActiveMQ Deserialization of Untrusted Data Vulnerability
- Exploit added on
- Nov 2, 2023
- Exploit action due
- Nov 23, 2023
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- security@apache.org
- CWE-502
- Hype score
- Not currently trending
CVE-2023-46604: CVE-2023-46604: Apache ActiveMQ OpenWire Deserialization RCE... (< 5.18.3 → 10.0)
@lyrie_ai
29 Apr 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA added CVE-2026-34197 to KEV: code injection in Apache ActiveMQ. The last ActiveMQ KEV bug (CVE-2023-46604) got hammered by ransomware crews within days. If your broker is internet-exposed, patch this week. https://t.co/IsE80CC4TE
@TechTranslators
25 Apr 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NEW THREAT INTEL: Apache ActiveMQ CVE-2023-46604 - CVSS 10.0 unauth RCE exploited by HelloKitty, Kinsing, Andariel (Lazarus) against 6,400+ brokers. 9 detections, 32 IOCs. https://t.co/VLnMVYKlU4 #ThreatIntel #CyberSecurity #CVE #ActiveMQ #Lazarus
@threadlinqs
22 Apr 2026
56 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
NEW THREAT INTEL: Apache ActiveMQ CVE-2023-46604 - CVSS 10.0 unauth RCE exploited by HelloKitty, Kinsing, Andariel (Lazarus) against 6,400+ brokers. 9 detections, 32 IOCs. https://t.co/VLnMVYKlU4 #ThreatIntel #CyberSecurity #CVE #ActiveMQ #Lazarus https://t.co/OIOIG9RT6H
@threadlinqs
22 Apr 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQ CVE-2023-46604 is under active exploitation—hackers can execute remote code. This affects potentially thousands of instances. Patch now. For sysadmins: how long until you can realistically patch this across prod? Reply below. #NerdieNews #CyberSecurity #InfoSec
@NewsNerdie
17 Apr 2026
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CLAUDE botnet's crashing the Apache ActiveMQ party with RCE exploits—over 2K servers compromised for DDoS fun. Don't let hackers turn your message broker into a malware mailbox! Patch now: CVE-2023-46604. 🔒 https://t.co/vFYhjNVt2c #CyberSec #InfoSec #ActiveMQ Thoughts?
@zench4n
8 Apr 2026
9 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
⚠️ **Vulnerability Alert:** Apache ActiveMQ — Consolidated RCE and Jolokia/OpenWire/Fileserver issues (CVE-2026-34197 + CVE-2024-32114 + CVE-2022-41678 + CVE-2023-46604 + CVE-2016-3088) 📅 **Timeline:** Disclosure: 2026-04-07, Patch: unknown 🆔 **CVE-2026-34197** |
@syedaquib77
7 Apr 2026
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-46604 The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access ... https://t.co/ntNFvUTZqS https://t.co/Ky2kNctGcW
@CVEradars
2 Apr 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Threat That Can’t Be Ignored: CVE-2023-46604 in Apache ActiveMQ https://t.co/TkNANPHHE1 #CyberSecurity #Technology
@Cybersecinsider
28 Mar 2026
73 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQ Exploit Leads to LockBit Ransomware https://t.co/boCFGIXYPj A recent cyber intrusion involved a threat actor exploiting a vulnerability (CVE-2023-46604) on an internet-facing Apache ActiveMQ server. The initial breach occurred in mid-February 2024, with the thr
@f1tym1
5 Mar 2026
215 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQ の脆弱性 CVE-2023-46604 を悪用:RDP への不正アクセスと LockBit の展開 https://t.co/xalaujLZS0 Apache ActiveMQ に存在する脆弱性 CVE-2023-46604 を放置した結果、19 日間にわたる潜伏期間を経て、最終的に LockBit
@iototsecnews
4 Mar 2026
182 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
North Korean state-backed group Andariel is actively exploiting critical vulnerabilities like CVE-2023-46604 and CVE-2023-42793. Leveraging tools like Ladon and AnyDesk, they are backdooring networks. Read more at the link below. https://t.co/2I8vZywkf5 #CyberSecurity
@socradar
27 Feb 2026
613 Impressions
6 Retweets
15 Likes
9 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQ Exploit Leads to LockBit Ransomware 脅威アクターがインターネットに接続されたApache ActiveMQサーバーの脆弱性CVE-2023-46604を悪用し、二度にわたって侵入した後、LockBitランサムウェアを展開した https://t.co/f1Y2
@johntheMAT
27 Feb 2026
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A threat actor exploited CVE-2023-46604 on an internet-facing Apache ActiveMQ server to deploy Metasploit stager, dump LSASS memory, and later install LockBit ransomware using stolen credentials via RDP and AnyDesk. #LockBitRansomware #ApacheActiveMQ https://t.co/OrwQe3gsD5
@TweetThreatNews
27 Feb 2026
146 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical ApacheActiveMQ vulnerability (CVE-2023-46604) exploited to deploy LockBit ransomware. Ensure your systems are patched and secure. Link: https://t.co/P0yBGSQu0H #Security #Vulnerability #Exploit #Malware #Patch #Technology #CyberAttack #Data #Protection #Threat #Network h
@dailytechonx
26 Feb 2026
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
CISA warns of active exploitation of critical vulnerabilities in Soliton Systems' FileZen & Apache ActiveMQ (CVE-2023-46604), leading to LockBit ransomware deployment. Patch immediately! #Cybersecurity #AnonNews_irc #News
@AnonNews_irc
25 Feb 2026
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Active Exploitation Alert Hackers are exploiting CVE-2023-46604 in Apache ActiveMQ to gain RDP access and deploy LockBit ransomware. Patch immediately to prevent full network compromise. https://t.co/1bV3vtkPVq #CyberSecurity #Ransomware #Apache #LockBit #CVE https://t.
@techpio_team
25 Feb 2026
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ActiveMQ RCE Exploit Leads to LockBit Ransomware via RDP Re-Entry Attackers exploited Apache ActiveMQ CVE-2023-46604 to gain RCE, drop a stager via a malicious Spring XML + CertUtil, and later returned (after eviction) to deploy LockBit using previously harvested credentials
@ThreatSynop
25 Feb 2026
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat actors exploit critical Apache ActiveMQ flaw CVE-2023-46604 to access an exposed Windows server via RDP and deploy LockBit ransomware across an enterprise network. #Ransomware https://t.co/80unFVySn2
@threatcluster
25 Feb 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQに存在する深刻な脆弱性(CVE-2023-46604)が悪用され、企業ネットワーク全体がLockBitランサムウェアに感染する事例が報告されました。
@omomuki_tech
25 Feb 2026
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The DFIR Report reveals how a persistent attacker exploited CVE-2023-46604 twice in 18 days to deploy LockBit ransomware. Patch your ActiveMQ servers now! #ActiveMQ #CyberSecurity #LockBit #Ransomware #InfoSec #PatchAlert #TheDFIRReport #RCE https://t.co/qfC8pExDjn
@the_yellow_fall
25 Feb 2026
315 Impressions
3 Retweets
6 Likes
2 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQの既知の脆弱性(CVE-2023-46604)を突かれ、最終的にLockBitランサムウェアの展開に至った侵害事例が報告されています。 特徴的なのは、攻撃者が一度排除された後、18日後にまったく同じ手口で再侵
@MalwareBibleJP
24 Feb 2026
2445 Impressions
8 Retweets
41 Likes
14 Bookmarks
0 Replies
0 Quotes
The DFIR Report documents the exploitation of an unpatched ActiveMQ server by CVE-2023-46604. The threat actor used Metasploit tooling for privilege escalation, LSASS access and lateral movement, before LockBit was deployed via RDP using stolen credentials https://t.co/zR7jGENzcS
@virusbtn
24 Feb 2026
1239 Impressions
6 Retweets
24 Likes
3 Bookmarks
2 Replies
0 Quotes
#Malware #VulnerabilityReport Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion https://t.co/FyQw0Q6lJv
@Komodosec
8 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Apache ActiveMQ is vulnerable to remote code execution (CVE-2023-46604, CVSS 10) via the OpenWire protocol, allowing a remote attacker to run shell commands by manipulating serialized class types. Users are recommended to upgrade brokers and clients. https://t.co/qc1vqpHjt5
@0xgnharsh
4 Nov 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The ActiveMQ Flaw (CVE-2023-46604) Isn't a "Miner," It's a "Sharpire Backdoor." Are You Already Breached? Read the full report on - https://t.co/8pKO98951s https://t.co/2TDeN4C03H
@cyberbivash
3 Nov 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion https://t.co/nkvmOm2pwd
@Karma_X_Inc
3 Nov 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗣️ Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion https://t.co/PgY2Acn8kb
@fridaysecurity
3 Nov 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Case of ActiveMQ Vulnerability Exploitation to Install Sharpire (Kinsing) https://t.co/mI9tyhzKK7 The Kinsing threat actor continues to exploit known vulnerabilities, notably CVE-2023-46604 in ActiveMQ, to distribute malware across Linux and Windows systems. This group, also k
@f1tym1
30 Oct 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-53770 CVE-2025-43300 CVE-2025-5777 CVE-2024-21887 CVE-2023-46604 (@ThreatBookLabs) CVE-2025-7776 CVE-2025-54309 CVE-2025-7775 CVE-2025-53771 https://t.co/q4Rx5wWFSt
@ptdbugs
29 Aug 2025
286 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat actors exploit CVE-2023-46604 in Apache ActiveMQ to deploy DripDropper malware on cloud Linux systems. They patch the flaw post-compromise to block others, using PyInstaller-based DripDropper for persistence via SSH & cron jobs. Attackers leverage Dropbox and Cloudflar
@bigmacd16684
21 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems Attackers exploit CVE-2023-46604 in Apache ActiveMQ, deploy DripDr... #news https://t.co/1IXHfFzUxP
@earthnewstech
21 Aug 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hacker “Patches” Own Vulnerability to Lock Out Rivals https://t.co/tWpqjdsxb1 #ApacheActivemq #cve-2023-46604 #CybercrimeTactics
@wizconsults
20 Aug 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 サイバー犯罪者が驚愕の新戦術を開発! Apache ActiveMQの脆弱性(CVE-2023-46604、CVSS最高スコア10.0)を悪用した後、なんと攻撃者自身がそのセキュリティホールにパッチを適用する「DripDropper」マルウェアが発
@TechTrendsJP
20 Aug 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-46604 raises an interesting point: could having multiple cybersecurity tools actually enhance your defence by creating layers of protection? Is too much focus on streamlining putting you at greater risk? #infosec #cyberrisk #security https://t.co/hCMBJvaKxf
@labrat_io
20 Aug 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat actors are exploiting CVE-2023-46604 in Apache ActiveMQ (CVSS 10.0) to deploy DripDropper malware on cloud Linux systems. They modify SSH configs, use Dropbox for C2, and patch the flaw post-exploit to block rivals and evade detection. Patch immediately. #CyberSecurity
@CloneSystemsInc
20 Aug 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
👾 Hackers are massively used Apache ActiveMQ (Cve-2023-46604) and Pour Dripdroperr. It is encrypted, hiding behind Dropbox, climbs in Cron and changes ssh. The most interesting - After breaking, put an official patch to close the hole from others. The server looks clean but ht
@Hack_Your_Mom
20 Aug 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are abusing a 2-year-old #ActiveMQ bug (CVE-2023-46604) to drop #DripDropper #malware on cloud Linux servers. ➡️Malware hides via Dropbox C2 ➡️ Creates persistence & SSH backdoors ➡️ Then patches the flaw itself to evade scans Stay patched. Stay alert.
@SecurEpitome
20 Aug 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical RCE flaw in Apache ActiveMQ (CVE-2023-46604) is exploited to deploy DripDropper, HelloKitty ransomware, rootkits, and GoTitan botnet on cloud Linux systems. Attackers patch the flaw post-access. #ApacheActiveMQ #LinuxThreat https://t.co/P97W3vEMJQ
@TweetThreatNews
19 Aug 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JUST IN: Red Canary Intel detected an adversary exploiting CVE-2023-46604 in Apache ActiveMQ to gain persistent access on cloud Linux systems, patching the exploited vulnerability after securing initial access to secure their foothold and evade detection. 🌩️ 💧 Read our b
@redcanary
19 Aug 2025
16031 Impressions
16 Retweets
49 Likes
23 Bookmarks
0 Replies
2 Quotes
#DripDropper #Linux #Malware Red Canary entdeckte eine Kampagne, bei der Cyberkriminelle mit der DripDropper Linux Malware die Apache ActiveMQ-Schwachstelle CVE-2023-46604 ausnutzten, um sich dauerhaften Zugriff auf Cloud-Linux-Systeme zu verschaffen. https://t.co/k7hIueAzYe
@JjungSscg
19 Aug 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
JUST IN: Red Canary Intel detected an adversary exploiting CVE-2023-46604 in Apache ActiveMQ to gain persistent access on cloud Linux systems, patching the exploited vulnerability after securing initial access to secure their foothold and evade detection. 🌩️ 💧 Read our
@redcanary
19 Aug 2025
15 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
HTB "Broker" ActiveMQ v5.15.16以下の脆弱性(CVE-2023-46604) nginxの脆弱性を利用した権限昇格(権限昇格しなくても公開されているエクスプロイトを利用するとroot.txtはダウンロードできる)
@okuyama01891940
13 Jul 2025
264 Impressions
0 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
#opendir hosting exploit for Apache #ActiveMQ #CVE-2023-46604 172.104.160.236:8001 🇸🇬 Zip of files: https://t.co/pdeezArSf1 https://t.co/3ZxSyqfMEJ
@sicehice
29 Dec 2024
1521 Impressions
6 Retweets
28 Likes
6 Bookmarks
0 Replies
0 Quotes
Apache ActiveMQ の脆弱性 CVE-2023-46604:Mauri ランサムウェアが悪用 https://t.co/mb9Ub6N2xk Apache ActiveMQ の脆弱性 CVE-2023-46604 ですが、すでに Mauri… https://t.co/6sk4RgFqSe
@iototsecnews
16 Dec 2024
65 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ! CVE-2023-46604 is a critical vulnerability affecting the Java OpenWire protocol used by Apache ActiveMQ. This flaw enables remote attackers with network access to execute arbitrary shell commands by… https
@Loginsoft_Inc
12 Dec 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #MediumCompleteness Mauri Ransomware Threat Actors Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604) | 09-12-2024 Source: https://t.co/a2Px0dwVEV Key details below ↓ 🧑💻Actors/Campaigns: Andariel 💀Threats: Mauricrypt, Coinminer, Cobalt_strike, Hellokitt
@rst_cloud
11 Dec 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mauri Ransomware exploits Apache ActiveMQ flaw in its attack #MauriRansomware #ApacheActiveMQ #CVE-2023-46604 https://t.co/24fA5b6Eg6
@pravin_karthik
11 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CUIDADO: Vulneraabilidad en Apache ActiveMQ (CVE-2023-46604) está siendo explotada por Mauri Ransomware
@fcabrera222
10 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Alert: Apache ActiveMQ Vulnerability (CVE-2023-46604) 🛑 Vulnerability Details: Exploitable via OpenWire protocol by manipulating serialized class types. Allows remote code execution & arbitrary command execution. Actively exploited by groups like Andariel,… http
@GHak2learn27752
10 Dec 2024
113 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28B695E3-E637-44DC-BF2C-A24943EADBA1",
"versionEndExcluding": "5.15.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A5C039-10BA-4D0E-A243-6B313721C7FF",
"versionEndExcluding": "5.16.7",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8395C4-40D7-4BD3-970B-3F0E32BCB771",
"versionEndExcluding": "5.17.6",
"versionStartIncluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDA18155-D2AD-459A-94C7-136F981FD252",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D92110D-B913-4431-B7EB-0C949544E7B8",
"versionEndExcluding": "5.15.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8476D8D6-8394-4CD0-9E8C-41DCD96983BE",
"versionEndExcluding": "5.16.7",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "050649B9-4196-4BA1-9323-6B49E45B2E98",
"versionEndExcluding": "5.17.6",
"versionStartIncluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9AE45E-8CDE-4083-A996-D0E90EA0A792",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_unified_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB695329-036B-447D-BEB0-AA4D89D1D99C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F148EC-6D6D-4C4F-B57C-CFBCD3D32B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_storage_plugin:-:*:*:*:*:vcenter:*:*",
"matchCriteriaId": "82E94B87-065E-475F-815C-F49978CE22FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]