UBUNTU-CVE-2021-26117

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-26117

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-26117.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-26117

Related

Published

2021-01-27T19:15:00Z

Modified

2024-10-15T14:08:03Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

References

Affected packages

Ubuntu:Pro:16.04:LTS / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.13.2+dfsg-2ubuntu0.1~esm1

Affected versions

5.*

5.6.0+dfsg1-4+deb8u1ubuntu1

5.6.0+dfsg1-5

5.13.2+dfsg-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.13.2+dfsg-2ubuntu0.1~esm1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.13.2+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libactivemq-java"
        },
        {
            "binary_version": "5.13.2+dfsg-2ubuntu0.1~esm1",
            "binary_name": "libactivemq-java-doc"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.8-2~18.04.1~esm1

Affected versions

5.*

5.14.5-3

5.15.2-2

5.15.3-2

5.15.8-2~18.04

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.15.8-2~18.04.1~esm1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.15.8-2~18.04.1~esm1",
            "binary_name": "libactivemq-java"
        }
    ]
}

Ubuntu:20.04:LTS / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.15.10-1

5.15.11-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.11-1ubuntu0.1~esm1

Affected versions

5.*

5.15.10-1

5.15.11-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.15.11-1ubuntu0.1~esm1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.15.11-1ubuntu0.1~esm1",
            "binary_name": "libactivemq-java"
        }
    ]
}

Ubuntu:22.04:LTS / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.16.1-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.16.1-1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.16.1-1",
            "binary_name": "libactivemq-java"
        }
    ]
}

Ubuntu:24.10 / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.6+dfsg-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.17.6+dfsg-1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.17.6+dfsg-1",
            "binary_name": "libactivemq-java"
        }
    ]
}

Ubuntu:24.04:LTS / activemq

Package

Name: activemq
Purl: pkg:deb/ubuntu/activemq?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.17.6+dfsg-1

Affected versions

5.*

5.17.2+dfsg-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.17.6+dfsg-1",
            "binary_name": "activemq"
        },
        {
            "binary_version": "5.17.6+dfsg-1",
            "binary_name": "libactivemq-java"
        }
    ]
}