CVE-2020-11969

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11969

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11969.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11969

Aliases

GHSA-836g-5fr5-fgcr

Published

2020-06-15T20:15:11.147Z

Modified

2025-11-20T11:08:53.758657Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.

References

Affected packages

Git / github.com/apache/tomee

Affected ranges

Type: GIT
Repo: https://github.com/apache/tomee
Events: Introduced

83c249c71f8dbc7aa149e202be0c0bdc01b6469e

Last affected

0bbaf5086db3a716a3976635c2d8b8e1b28ad9d4

Introduced

a789142b0448aa9a65adcc0cd032f56ad7f756f6

Last affected

24420829cd7de768df247fa7b3c8ae62c13a68e2

Introduced

2fd9372ccc2438b6b42021c46f51bf91add099e1

Last affected

38d3d3041e8489c312ffaa9fa6c694e072b444e8

Introduced

8c6358cca46e431df78fc9c7d818259a9ba8635b

Last affected

4ec1e7e4017fceb7b40b582ad6897a49b84e7643

Last affected

510c4bade028e1fd52412618c2f578e05164214d

Last affected

8846c3f4d05722717b65e9bef9384c2928b7cfe9

Last affected

bdcec137dd4eb1658e78ddcf5b7b15ac583daea1

Last affected

ecdcd044f92953e55d9e7a948968de918edb4ed6

Affected versions

tomee-7.*

tomee-7.0.4-TT.1

tomee-7.0.4-TT.2

tomee-7.0.5

tomee-7.0.5-TT.2

tomee-7.0.5-TT.3

tomee-7.0.5-TT.4

tomee-7.1.0

tomee-7.1.0-TT.1

tomee-7.1.1

tomee-7.1.2

tomee-8.*

tomee-8.0.0

tomee-8.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11969.json"