Vulnerability DatabaseCVE-2023-50780
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-50780
Published:October 14, 2024
Updated:April 20, 2026
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which are also exposed through the authenticated Jolokia endpoint. Before version 2.29.0, this also included the Log4J2 MBean. This MBean is not meant for exposure to non-administrative users. This could eventually allow an authenticated attacker to write arbitrary files to the filesystem and indirectly achieve RCE.
Related ResourcesĀ (6)
https://github.com/apache/activemq-artemis
http://www.openwall.com/lists/oss-security/2024/10/14/2
https://lists.apache.org/thread/63b78shqz312phsx7v1ryr7jv7bprg58
https://github.com/apache/activemq-artemis/commit/cfb585eaf61d570eecd65c6ad0e92282df7d3869
https://nvd.nist.gov/vuln/detail/CVE-2023-50780
https://issues.apache.org/jira/browse/ARTEMIS-4150
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Authorization
CWE-285
EPSS
Base Score:
2.71