ID

VAR-202005-0665


CVE

CVE-2020-1941


TITLE

Apache ActiveMQ Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005358

DESCRIPTION

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. Apache ActiveMQ contains a cross-site scripting vulnerability. Information may be obtained and tampered with. Apache ActiveMQ is open source message middleware from the Apache Software Foundation in the United States. It supports Java Message Service, clusters, Spring Framework, etc. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.8

sources: NVD: CVE-2020-1941 // JVNDB: JVNDB-2020-005358 // VULHUB: VHN-172785 // VULMON: CVE-2020-1941

AFFECTED PRODUCTS

vendor: oracle; model: communications element manager; scope: eq; version: 8.1.1

Trust: 1.0

vendor: oracle; model: flexcube private banking; scope: eq; version: 12.0.0

Trust: 1.0

vendor: apache; model: activemq; scope: lte; version: 5.15.11

Trust: 1.0

vendor: oracle; model: flexcube private banking; scope: eq; version: 12.1.0

Trust: 1.0

vendor: oracle; model: communications element manager; scope: eq; version: 8.2.0

Trust: 1.0

vendor: oracle; model: communications diameter signaling router; scope: gte; version: 8.0.0

Trust: 1.0

vendor: oracle; model: communications element manager; scope: eq; version: 8.2.1

Trust: 1.0

vendor: oracle; model: communications session report manager; scope: eq; version: 8.1.1

Trust: 1.0

vendor: oracle; model: communications session route manager; scope: eq; version: 8.1.1

Trust: 1.0

vendor: oracle; model: enterprise repository; scope: eq; version: 11.1.1.7.0

Trust: 1.0

vendor: apache; model: activemq; scope: gte; version: 5.0.0

Trust: 1.0

vendor: oracle; model: communications session report manager; scope: eq; version: 8.2.0

Trust: 1.0

vendor: oracle; model: communications session report manager; scope: eq; version: 8.2.1

Trust: 1.0

vendor: oracle; model: communications session route manager; scope: eq; version: 8.2.1

Trust: 1.0

vendor: oracle; model: communications diameter signaling router; scope: lte; version: 8.2.2

Trust: 1.0

vendor: oracle; model: communications session route manager; scope: eq; version: 8.2.0

Trust: 1.0

vendor: apache; model: activemq; scope: eq; version: 5.0.0 to 5.15.11

Trust: 0.8

vendor: apache; model: activemq; scope: eq; version: 5.0.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.1.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.2.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.3.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.3.1

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.3.2

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.4.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.4.1

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.4.2

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.4.3

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.5.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.5.1

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.6.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.7.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.8.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.9.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.9.1

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.10.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.10.1

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.10.2

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.11.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.11.1

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.11.2

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.11.3

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.12.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.12.1

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.12.2

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.12.3

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.13.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.13.1

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.13.2

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.13.3

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.13.4

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.13.5

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.14.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.14.1

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.14.2

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.14.3

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.14.4

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.14.5

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.15.0

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.15.1

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.15.2

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.15.3

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.15.4

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.15.5

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.15.6

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.15.7

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.15.8

Trust: 0.1

vendor: apache; model: activemq; scope: eq; version: 5.15.11

Trust: 0.1

sources: VULMON: CVE-2020-1941 // JVNDB: JVNDB-2020-005358 // NVD: CVE-2020-1941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1941
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005358
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-790
value: MEDIUM

Trust: 0.6

VULHUB: VHN-172785
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-1941
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1941
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005358
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-172785
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1941
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005358
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-172785 // VULMON: CVE-2020-1941 // JVNDB: JVNDB-2020-005358 // CNNVD: CNNVD-202005-790 // NVD: CVE-2020-1941

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-172785 // JVNDB: JVNDB-2020-005358 // NVD: CVE-2020-1941

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-790

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202005-790

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005358

PATCH

title: CVE-2020-1941 - XSS in WebConsole; url: http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt

Trust: 0.8

title: Apache ActiveMQ Fixes for cross-site scripting vulnerabilities; url: http://123.124.177.30/web/xxk/bdxqById.tag?id=118745

Trust: 0.6

sources: JVNDB: JVNDB-2020-005358 // CNNVD: CNNVD-202005-790

EXTERNAL IDS

db: NVD; id: CVE-2020-1941

Trust: 2.6

db: JVNDB; id: JVNDB-2020-005358

Trust: 0.8

db: CNNVD; id: CNNVD-202005-790

Trust: 0.7

db: AUSCERT; id: ESB-2020.3485

Trust: 0.6

db: NSFOCUS; id: 48756

Trust: 0.6

db: VULHUB; id: VHN-172785

Trust: 0.1

db: VULMON; id: CVE-2020-1941

Trust: 0.1

sources: VULHUB: VHN-172785 // VULMON: CVE-2020-1941 // JVNDB: JVNDB-2020-005358 // CNNVD: CNNVD-202005-790 // NVD: CVE-2020-1941

REFERENCES

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 2.3

url:http://activemq.apache.org/security-advisories.data/cve-2020-1941-announcement.txt

Trust: 1.8

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-1941

Trust: 1.4

url:https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3ccommits.activemq.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3ccommits.activemq.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3ccommits.activemq.apache.org%3e

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1941

Trust: 0.8

url:https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3ccommits.activemq.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3ccommits.activemq.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3ccommits.activemq.apache.org%3e

Trust: 0.7

url:http://www.nsfocus.net/vulndb/48756

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-activemq-affects-ibm-operations-analytics-predictive-insights-cve-2020-1941/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-apache-activemq-used-in-cloud-pak-system-cve-2020-1941-3/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-avtivemq-affects-ibm-operations-analytics-predictive-insights-cve-2020-1941/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-apache-activemq-used-in-cloud-pak-system-cve-2020-1941-2/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-apache-activemq-used-in-cloud-pak-system-cve-2020-1941/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-activemq-camel-5-15-9-jar-cve-2015-5182-cve-2015-5183-cve-2015-5184-cve-2020-1941/

Trust: 0.6

url:https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-july-2020-32829

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-activemq-cross-site-scripting-via-webconsole-admin-gui-33509

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3485/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181957

Trust: 0.1

sources: VULHUB: VHN-172785 // VULMON: CVE-2020-1941 // JVNDB: JVNDB-2020-005358 // CNNVD: CNNVD-202005-790 // NVD: CVE-2020-1941

SOURCES

db: VULHUB; id: VHN-172785
db: VULMON; id: CVE-2020-1941
db: JVNDB; id: JVNDB-2020-005358
db: CNNVD; id: CNNVD-202005-790
db: NVD; id: CVE-2020-1941

LAST UPDATE DATE

2024-08-14T12:43:05.040000+00:00


SOURCES UPDATE DATE

db: VULHUB; id: VHN-172785; date: 2022-10-05T00:00:00
db: VULMON; id: CVE-2020-1941; date: 2021-02-10T00:00:00
db: JVNDB; id: JVNDB-2020-005358; date: 2020-06-12T00:00:00
db: CNNVD; id: CNNVD-202005-790; date: 2022-10-08T00:00:00
db: NVD; id: CVE-2020-1941; date: 2023-11-07T03:19:37.307

SOURCES RELEASE DATE

db: VULHUB; id: VHN-172785; date: 2020-05-14T00:00:00
db: VULMON; id: CVE-2020-1941; date: 2020-05-14T00:00:00
db: JVNDB; id: JVNDB-2020-005358; date: 2020-06-12T00:00:00
db: CNNVD; id: CNNVD-202005-790; date: 2020-05-14T00:00:00
db: NVD; id: CVE-2020-1941; date: 2020-05-14T17:15:12.320