What is CVE-2024-32114?

CVE-2024-32114 is a high-severity vulnerability in Apache Software Foundation Activemq, classified under Initialization of a Resource with an Insecure Default. CVSS score: 8.5/10. Published 2024-05-02.

How severe is CVE-2024-32114?

High severity. CVSS v3 base score is 8.5 out of 10.

Is CVE-2024-32114 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Apache Software Foundation Activemq

CVE-2024-32114

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Pote…

EPSS: 0.673 (98.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H.

Affected products

Apache Software Foundation Activemq — versions 6.0.0

Weakness classification (CWE)

CWE-1188 — Initialization of a Resource with an Insecure Default

Public proof-of-concept exploits

References

activemq.apache.org/security-advisories.data/CVE-2024-32114-announcement.txt (vendor-advisory)

Frequently asked questions

What is CVE-2024-32114?: CVE-2024-32114 is a high-severity vulnerability in Apache Software Foundation Activemq, classified under Initialization of a Resource with an Insecure Default. CVSS score: 8.5/10. Published 2024-05-02.
How severe is CVE-2024-32114?: High severity. CVSS v3 base score is 8.5 out of 10.
Is CVE-2024-32114 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.