What is CVE-2020-13947?

CVE-2020-13947 is a vulnerability in Apache Activemq. Published 2021-02-08.

Is CVE-2020-13947 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Activemq

CVE-2020-13947

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.

EPSS: 0.790 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a Apache Activemq — versions Apache ActiveMQ version prior to 5.15.13 and 5.16.1

Public proof-of-concept exploits

References

activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt (x_refsource_MISC)
[activemq-commits] 20210211 [activemq-website] branch master updated: Update 5.15.x fix version on CVE-2020-13947 (mailing-list, x_refsource_MLIST)
[activemq-dev] 20210211 Re: CVE-2020-13947 - XSS in WebConsole (mailing-list, x_refsource_MLIST)
[activemq-users] 20210211 Re: CVE-2020-13947 - XSS in WebConsole (mailing-list, x_refsource_MLIST)
www.oracle.com/security-alerts/cpuApr2021.html (x_refsource_MISC)
www.oracle.com/security-alerts/cpuoct2021.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-13947?: CVE-2020-13947 is a vulnerability in Apache Activemq. Published 2021-02-08.
Is CVE-2020-13947 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.