Description
ActiveMQ runs an OpenWire-protocol broker on TCP port 61616. The broker allows unauthenticated attackers to manipulate serialized class types, leading to arbitrary code execution.
Remediation
Upgrade to the latest version of ActiveMQ.