CVE-2023-46604

Vulnerability updated a month ago (2024-11-29T14:10:30.055Z)
CVE-2023-46604 is a critical vulnerability identified in Apache ActiveMQ, specifically affecting versions prior to 5.15.16, 5.16.7, 5.17.6, and 5.18.3. This flaw, which lies within the Java OpenWire protocol marshaller, allows for Remote Code Execution (RCE) and has been assigned a maximum severity score (CVSS 10). The vulnerability enables unauthenticated threat actors to run arbitrary shell commands. It was patched by Apache at the end of the month preceding its discovery.

The vulnerability has attracted significant attention from cybercriminals, with multiple instances of exploitation reported. Rapid7 researchers initially raised concerns about the suspected misuse of this flaw. Cybersecurity researchers at Trend Micro later confirmed these suspicions, identifying attacks where cybercriminals exploited CVE-2023-46604 to infect Linux systems with the Kinsing malware, also known as h2miner. These attacks typically resulted in the installation of cryptocurrency miners on targeted Linux systems.

In parallel, Atlassian revealed that its Bamboo continuous integration (CI) and continuous delivery (CD) server, along with Confluence Data Center and Server, were also vulnerable to this max-severity issue. All versions of Bamboo Data Center and Server were found to be impacted by this actively exploited security flaw. Additionally, the AhnLab Security Emergency Response Center (ASEC) implicated Andariel, a subgroup within Lazarus, in cyberattacks exploiting CVE-2023-46604.
Description last updated: 2024-03-14T17:20:09.542Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
H2miner is a possible alias for CVE-2023-46604. H2miner, also known as Kinsing, is a malicious software (malware) that primarily targets Linux systems to exploit their computing resources for illicit cryptocurrency mining. This malware is typically introduced into systems through suspicious downloads, emails, or websites, often unbeknownst to the | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apache
Vulnerability
Activemq
Apache Activ...
Ransomware
Rapid7
Malware
Exploit
Fortiguard
Remote Code ...
Associated Malware
Alias Description | Association Type | Votes
The Kinsing Malware is associated with CVE-2023-46604. Kinsing is a malicious software, or malware, that has been recently observed exploiting vulnerabilities in systems. It operates by infiltrating computers or devices, often undetected, through suspicious downloads, emails, or websites. Once inside, Kinsing can wreak havoc by stealing personal informa | Unspecified | 4
The HELLOKITTY Malware is associated with CVE-2023-46604. HelloKitty is a malicious software (malware) that has been designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold dat | Unspecified | 3