CVE-2023-46604

Vulnerability Profile Updated 3 months ago
CVE-2023-46604 is a critical vulnerability in Apache ActiveMQ affecting releases before 5.15.16, 5.16.7, 5.17.6 and 5.18.3. The flaw sits in the Java OpenWire protocol marshaller: while unmarshalling an OpenWire command the broker instantiated an arbitrary class named in the message without validating it, so an unauthenticated attacker who can reach the OpenWire port (61616 by default) can execute arbitrary code on the broker host. The fix restricts that class instantiation to Throwable subtypes. The flaw carries the maximum CVSS score of 10.0. Apache published the fixed releases in late October 2023, and exploitation in the wild was reported within days of the advisory.

The vulnerability has attracted significant attention from cybercriminals, with multiple exploitation campaigns reported. Rapid7 researchers were the first to report exploitation, observing attempts to deploy HelloKitty ransomware in customer environments running vulnerable brokers. Trend Micro later identified attacks in which CVE-2023-46604 was used to infect Linux systems with the Kinsing malware (also known as h2miner), typically resulting in cryptocurrency miners being installed on the targeted hosts.

In parallel, Atlassian disclosed that its Bamboo continuous integration and continuous delivery (CI/CD) server, along with Confluence Data Center and Server, were also exposed to this maximum-severity issue because they embed ActiveMQ; all versions of Bamboo Data Center and Server were reported as affected. Additionally, the AhnLab Security Emergency Response Center (ASEC) attributed cyberattacks exploiting CVE-2023-46604 to Andariel, a subgroup of Lazarus.

For defenders the practical checks are: inventory every host exposing the OpenWire port, confirm the broker version against the fixed releases above (Bamboo and Confluence deployments included), and upgrade or restrict network access to the port until the upgrade is done.
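The version comparison described above, as an added example that is not code from the page or from the ActiveMQ project. An ActiveMQ broker sends an OpenWire WireFormatInfo command as soon as a client connects to its OpenWire port; its properties include a ProviderVersion string, encoded in the primitive map as a 2-byte-length-prefixed UTF key followed by a STRING_TYPE tag (9) and a 2-byte-length-prefixed UTF value. The byte string below is a constructed fragment in that layout so the example runs offline; the function names are this example's own. The classifier applies the advisory's ranges: 5.18.x before 5.18.3, 5.17.x before 5.17.6, 5.16.x before 5.16.7, and everything else before 5.15.16.

```python
"""Triage helper for CVE-2023-46604 (Apache ActiveMQ OpenWire RCE).

Added example, not the page's or the ActiveMQ project's code. It extracts the
ProviderVersion from raw WireFormatInfo bytes and classifies it against the
fixed releases named in the advisory.
"""
import re
import struct

# Constructed sample (not a real capture): the properties part of a
# WireFormatInfo frame as the broker encodes it: 2-byte key length, key,
# type tag 9 = STRING_TYPE, 2-byte value length, value.
SAMPLE_WIREFORMAT_PROPS = (
    b"\x00\x0fProviderVersion\x09\x00\x065.18.2"
    b"\x00\x0cProviderName\x09\x00\x08ActiveMQ"
    b"\x00\x0fPlatformDetails\x09\x00\x04Java"
)

# First fixed release on each affected branch (from the Apache advisory).
FIXED_BY_BRANCH = {
    (5, 15): (5, 15, 16),
    (5, 16): (5, 16, 7),
    (5, 17): (5, 17, 6),
    (5, 18): (5, 18, 3),
}


def extract_provider_version(frame: bytes):
    """Return the ProviderVersion string found in raw WireFormatInfo bytes, or None."""
    key = b"ProviderVersion"
    idx = frame.find(struct.pack(">H", len(key)) + key)
    if idx < 0:
        return None
    pos = idx + 2 + len(key)
    # The value must be tagged STRING_TYPE (9) and carry a 2-byte length.
    if pos + 3 > len(frame) or frame[pos] != 9:
        return None
    (length,) = struct.unpack(">H", frame[pos + 1:pos + 3])
    value = frame[pos + 3:pos + 3 + length]
    if len(value) != length:  # truncated frame
        return None
    return value.decode("utf-8", errors="replace")


def parse_version(version: str):
    """'5.18.2' -> (5, 18, 2); tolerates suffixes such as '5.15.16-SNAPSHOT'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: str) -> bool:
    """True if the version lies inside the affected ranges of CVE-2023-46604."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_BY_BRANCH:
        return v < FIXED_BY_BRANCH[branch]
    # Anything older than the 5.15 line is affected ("before 5.15.16");
    # later lines (6.x) shipped with the fix already in place.
    return v < (5, 15, 16)


def triage(frame: bytes) -> dict:
    """Combine extraction and classification for one captured frame."""
    version = extract_provider_version(frame)
    if version is None:
        return {"version": None, "vulnerable": None, "note": "no ProviderVersion found"}
    return {"version": version, "vulnerable": is_vulnerable(version), "note": ""}


if __name__ == "__main__":
    print(triage(SAMPLE_WIREFORMAT_PROPS))
```

In a real inventory run, the frame passed to `triage` is whatever a socket read returns right after connecting to TCP port 61616 (the broker speaks first); the classifier is deliberately conservative and treats any unrecognised or truncated frame as "unknown" rather than "patched".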
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
H2miner | 2 | H2miner, also known as Kinsing, is a malicious software (malware) that primarily targets Linux systems to exploit their computing resources for illicit cryptocurrency mining. This malware is typically introduced into systems through suspicious downloads, emails, or websites, often unbeknownst to the
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apache
Vulnerability
Activemq
Apache Activ...
Rapid7
Malware
Ransomware
Exploit
Remote Code ...
Fortiguard
Confluence
Github
Trustwave
Poc
Linux
Atlassian
RCE (Remote ...
Associated Malware
ID | Type | Votes | Profile Description
Kinsing | Unspecified | 4 | Kinsing is a type of malware, short for malicious software, that is designed to exploit and damage computer systems or devices. It typically infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt o
HELLOKITTY | Unspecified | 3 | HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat
Associated Threat Actors
ID | Type | Votes | Profile Description
Andariel | Unspecified | 1 | Andariel, a notorious threat actor associated with the Lazarus Group and linked to North Korea, is known for its malicious cyber activities. The group has been identified using DTrack malware and Maui ransomware, notably in mid-2022, and has developed a reputation for exploiting ActiveX objects. Res
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2021-44228 | Unspecified | 1 | CVE-2021-44228, also known as the Log4j vulnerability, is a software flaw found in Apache Log4j, a widely used logging utility. Despite multiple attempts by Advanced Persistent Threat (APT) actors to exploit this vulnerability in the ServiceDesk system, these efforts were unsuccessful. However, it b
Looney Tunables | Unspecified | 1 | Looney Tunables is a significant vulnerability in Linux software design and implementation, which has been exploited by various threat actors. This flaw allows for local privilege escalation, providing unauthorized users with elevated access rights within a Linux environment. Multiple experts have r
Source Document References
Information about the CVE-2023-46604 vulnerability was read from the documents in the corpus listed below (display limited to 20 results).
Source | Created At | Title
Securityaffairs
6 days ago
Security Affairs Malware Newsletter - Round 3
Securityaffairs
12 days ago
Security Affairs Malware Newsletter - Round 2
Securityaffairs
20 days ago
Security Affairs Malware Newsletter - Round 1
Securityaffairs
a month ago
Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
a month ago
Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
a month ago
Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading
a month ago
TellYouthePass Ransomware Group Exploits Critical PHP Flaw
Securityaffairs
2 months ago
Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
CISA
3 months ago
Delta Electronics InfraSuite Device Master | CISA
Securityaffairs
3 months ago
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
4 months ago
Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs
4 months ago
Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs
4 months ago
Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs
4 months ago
Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs
5 months ago
Security Affairs newsletter Round 462 by Pierluigi Paganini
Checkpoint
5 months ago
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities - Check Point Research
Securityaffairs
5 months ago
Security Affairs newsletter Round 461 by Pierluigi Paganini