ActiveMQ vulneravilities

Hi All

   Customer response sentinel been detect 2 activeMQ (TCP61616) vulnerabilivies.

1. CVE 184189 : Apache ActiveMQ < 5.15.16 / 5.16.x < 5.16.7 / 5.17.x < 5.17.6 / 5.18.x < 5.18.3 RCE
2. CVE 186650: ActiveMQ RCE (CVE-2023-46604)

How could I check the activeMQ version on senitnel appliance ?

Thanks!!

Wencheng

Tags:

  • Suggested Answer

    0  

    sentinel:~ # ls -la /opt/novell/sentinel/lib/activemq-*
    -rw------- 1 novell novell 1208714 Nov  4 06:56 /opt/novell/sentinel/lib/activemq-broker-5.16.7.jar
    -rw------- 1 novell novell 1440244 Nov  4 06:56 /opt/novell/sentinel/lib/activemq-client-5.16.7.jar
    -rw------- 1 novell novell   39292 Nov  4 06:56 /opt/novell/sentinel/lib/activemq-jaas-5.16.7.jar
    -rw------- 1 novell novell   52901 Nov  4 06:56 /opt/novell/sentinel/lib/activemq-jms-pool-5.16.7.jar
    -rw------- 1 novell novell  691866 Nov  4 06:56 /opt/novell/sentinel/lib/activemq-kahadb-store-5.16.7.jar
    -rw------- 1 novell novell  686378 Nov  4 06:56 /opt/novell/sentinel/lib/activemq-openwire-legacy-5.16.7.jar
    -rw------- 1 novell novell   20891 Nov  4 06:56 /opt/novell/sentinel/lib/activemq-pool-5.16.7.jar
    -rw------- 1 novell novell  147874 Nov  4 06:56 /opt/novell/sentinel/lib/activemq-protobuf-1.1.jar
    -rw------- 1 novell novell  171807 Nov  4 06:56 /opt/novell/sentinel/lib/activemq-spring-5.16.7.jar

  • 0 in reply to   

     

        Thanks!! I compare ....8.5.1.1 use 5.16.3....8.6.1.1 use 5.16.7....

    Wencheng