QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-26117

Back to search

CVE-2021-26117

Published: Jan 27, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password.

VendorProductVersions

Apache Software Foundation

Apache ActiveMQ

affected
Apache ActiveMQ Artemis - < 2.16.0
affected
Apache ActiveMQ - < 5.16.1

Weaknesses (CWE)

CWE-287

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now