Default Configuration Flaw Exposes ActiveMQ Broker to Unauthorized Access
CVE-2024-32114
What is CVE-2024-32114?
CVE-2024-32114 is a significant security vulnerability in Apache ActiveMQ, a widely used open-source messaging broker for exchanging messages between distributed systems. The vulnerability stems from a default configuration flaw that leaves the API web context (where the Jolokia JMX REST API and the Message REST API reside) exposed with no authentication requirement. As a result, anyone who can reach the broker over the network can call these APIs and interact with the broker in harmful ways. Attackers can exploit this to produce or consume messages without authorization, and to purge or delete message destinations, causing severe operational disruption for organizations that rely on ActiveMQ for their messaging needs.
Potential impact of CVE-2024-32114
- Unauthorized Access: The lack of authentication by default means that any individual with network access can communicate with the ActiveMQ broker, leading to unauthorized data manipulation and breaches.
- Data Loss or Corruption: Attackers can delete or modify message queues and destinations, resulting in the loss of critical messages, which could severely impact business operations and data integrity.
- Service Disruption: Due to unchecked interactions with the broker, malicious actors could disrupt normal messaging operations, potentially causing downtime or instability in applications reliant on the ActiveMQ service, significantly affecting productivity and service delivery.
Affected Version(s)
Apache ActiveMQ 6.0.0 through 6.1.1 (inclusive)
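In ActiveMQ's embedded Jetty, whether the API web context described above demands credentials is decided by a security constraint mapping in conf/jetty.xml, so checking that mapping is the configuration review a defender would run on an affected version. The fragment below is an added illustration of such a mapping, not text from this advisory or the project's shipped file; the bean ids, the role names and the exact pathSpec are assumptions to be compared against the jetty.xml of the installed release.

```xml
<!-- Illustrative fragment (not the project's shipped jetty.xml): Spring bean
     definitions of the kind ActiveMQ uses to configure its embedded Jetty.
     Bean ids, role names and the pathSpec are assumptions; compare them with
     the installed configuration before relying on them. -->

<!-- A Jetty constraint requiring HTTP BASIC authentication and one of the listed roles. -->
<bean id="securityConstraint" class="org.eclipse.jetty.security.Constraint">
    <property name="name" value="BASIC" />
    <property name="roles" value="user,admin" />
    <!-- authenticate=false would disable the login requirement for every mapped path -->
    <property name="authenticate" value="true" />
</bean>

<!-- The mapping decides which URL paths the constraint is enforced on. A pathSpec
     that does not cover the api web context leaves the Jolokia JMX REST API and
     the Message REST API under /api reachable without credentials, which is the
     exposure this CVE describes. -->
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="securityConstraint" />
    <!-- /api/* must be listed here alongside the admin console paths -->
    <property name="pathSpec" value="/api/*,/admin/*,*.jsp" />
</bean>
```

Moving to a release outside the affected range is the durable fix; the mapping check is for brokers that cannot be upgraded immediately.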