Skip to main content

Rocketmq

3 CVEs product

Monthly

CVE-2024-23321 Maven HIGH PATCH This Week

For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Rocketmq
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-37582 Maven CRITICAL POC PATCH THREAT Act Now

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Rocketmq
NVD
CVSS 3.1
9.8
EPSS
90.4%
CVE-2023-33246 Maven CRITICAL POC KEV PATCH THREAT Act Now

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Rocketmq
NVD GitHub
CVSS 3.1
9.8
EPSS
96.6%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

For RocketMQ versions 5.2.0 and below, under certain conditions, there is a risk of exposure of sensitive Information to an unauthorized actor even if RocketMQ is enabled with authentication and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Rocketmq
NVD
EPSS 90% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Rocketmq
NVD
EPSS 97% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Rocketmq
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy