CVE-2020-1941 — MEDIUM (6.1)

Q: What is CVE-2020-1941?

CVE-2020-1941 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

Q: How severe is CVE-2020-1941?

CVE-2020-1941 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-1941?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Activemq, Oracle Communications Diameter Signaling Router, Oracle Communications Element Manager, Oracle Communications Session Report Manager, Oracle Communications Session Route Manager.

Vulnerability Description

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Activemq	>= 5.0.0, <= 5.15.11
Oracle	Communications Diameter Signaling Router	>= 8.0.0, <= 8.2.2
Oracle	Communications Element Manager	8.1.1
Oracle	Communications Session Report Manager	8.1.1
Oracle	Communications Session Route Manager	8.1.1
Oracle	Enterprise Repository	11.1.1.7.0
Oracle	Flexcube Private Banking	12.0.0

Related Weaknesses (CWE)

CWE-79

References

http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.tVendor Advisory
https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737
https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc
https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.tVendor Advisory
https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737
https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc
https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory

FAQ

What is CVE-2020-1941?

CVE-2020-1941 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

How severe is CVE-2020-1941?

CVE-2020-1941 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-1941?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Activemq, Oracle Communications Diameter Signaling Router, Oracle Communications Element Manager, Oracle Communications Session Report Manager, Oracle Communications Session Route Manager.