Rewterz Threat Advisory – CVE-2022-41678 – Apache ActiveMQ Vulnerability

Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs

November 29, 2023

Rewterz Threat Advisory – CVE-2023-49145 – Apache NiFi Vulnerability

November 29, 2023

Rewterz Threat Advisory – CVE-2022-41678 – Apache ActiveMQ Vulnerability

Severity

High

Analysis Summary

CVE-2022-41678

Apache ActiveMQ could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Jolokia component. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Code Execution

Indicators Of Compromise

CVE

CVE-2022-41678

Affected Vendors

Apache

Affected Products

Apache ActiveMQ 5.16.0
Apache ActiveMQ 5.17.0

Remediation

Upgrade to the latest version of Apache ActiveMQ, available from the Apache Web site.

Apache Website

Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs

Rewterz Threat Advisory – CVE-2023-49145 – Apache NiFi Vulnerability

Rewterz Threat Advisory – CVE-2022-41678 – Apache ActiveMQ Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan