While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error.
References
Configurations
History
15 Jun 2026, 13:03
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Apache artemis
|
|
| CPE | cpe:2.3:a:apache:artemis:2.15.0:*:*:*:*:*:*:* |
21 Nov 2024, 05:55
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://lists.apache.org/thread.html/rafd5d7cf303772a0118865262946586921a65ebd98fc24f56c812574%40%3Cannounce.apache.org%3E - | |
| References | () https://mail-archives.apache.org/mod_mbox/activemq-users/202101.mbox/%3CCAH%2BvQmMUNnkiXv2-d3ucdErWOsdnLi6CgnK%2BVfixyJvTgTuYig%40mail.gmail.com%3E - Mailing List, Vendor Advisory | |
| References | () https://security.netapp.com/advisory/ntap-20210827-0002/ - Third Party Advisory |
07 Nov 2023, 03:31
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
Information
Published : 2021-01-27 19:15
Updated : 2026-06-17 03:42
NVD link : CVE-2021-26118
Mitre link : CVE-2021-26118
CVE.ORG link : CVE-2021-26118
JSON object : View
Products Affected
apache
- artemis
netapp
- oncommand_workflow_automation
CWE
