ActiveMQ – Remote Code Execution (CVE-2023-46604)

Severity: Critical

Invicti detected ActiveMQ Remote Code Execution (CVE-2023-46604) on the target server. ActiveMQ has an OpenWire-protocol broker on TCP port 61616. The vulnerability allows unauthenticated attackers to manipulate serialized class types, leading to arbitrary code execution.


An attacker can exploit this vulnerability to run arbitrary code.

Actions To Take

Upgrade ActiveMQ to a fixed version or newer. Fixed versions are listed below:

  • 5.15.16
  • 5.16.7
  • 5.17.6
  • 5.18.3
  • 6.0.0
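
To triage an inventory against the list above, the following added example (not Invicti or ActiveMQ code) classifies version strings per maintenance branch. The hostnames and versions are constructed, and the handling of pre-release builds and unlisted branches is an assumption noted in the comments.

```python
import re

# Fixed release per maintenance branch, copied from the list above.
FIXED_PATCH = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3, (6, 0): 0}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(-[A-Za-z0-9.]+)?")


def classify(version):
    """Return 'fixed', 'upgrade' or 'unknown' for an ActiveMQ version string."""
    match = _VERSION.fullmatch(version.strip())
    if not match:
        return "unknown"  # do not guess; this host needs a manual check
    major, minor, patch = (int(part) for part in match.groups()[:3])
    prerelease = match.group(4) is not None
    branch = (major, minor)
    if branch in FIXED_PATCH:
        # Assumption: a pre-release build of the fixed version
        # (e.g. 5.18.3-SNAPSHOT) may predate the fix, so it is not accepted.
        if patch > FIXED_PATCH[branch] or (
            patch == FIXED_PATCH[branch] and not prerelease
        ):
            return "fixed"
        return "upgrade"
    # The listed branches are contiguous, so an unlisted branch is either older
    # than 5.15 (no fixed release listed: upgrade) or newer than a listed one.
    # Assumption: newer branches count as the "newer versions" of the advisory.
    return "upgrade" if branch < min(FIXED_PATCH) else "fixed"


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "mq-01.example.internal": "5.18.2",
    "mq-02.example.internal": "5.18.3",
    "mq-03.example.internal": "5.15.16-SNAPSHOT",
    "mq-04.example.internal": "5.14.5",
    "mq-05.example.internal": "6.0.0",
    "mq-06.example.internal": "unknown build",
}


def triage(inventory):
    """Return only the hosts that are not confirmed fixed, with their status."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return {host: status for host, status in results.items() if status != "fixed"}


if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{SAMPLE_INVENTORY[host]}\t{status}")
```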
