CVE-2020-13931: Improper Authentication
(updated )
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on a TCP port that does not include authentication.
References
- lists.apache.org/thread.html/r7f98907165b355dc65f28a57f15103a06173ce03261115fa46d569b4@%3Cdev.tomee.apache.org%3E
- lists.apache.org/thread.html/r85b87478f8aa4751aa3a06e88622e80ffabae376ee7283e147ee56b9@%3Cdev.tomee.apache.org%3E
- lists.apache.org/thread.html/ref088c4732e1a8dd0bbbb96e13ffafcfe65f984238ffa55f438d78fe%40%3Cdev.tomee.apache.org%3E
- nvd.nist.gov/vuln/detail/CVE-2020-13931
Detect and mitigate CVE-2020-13931 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →