Critical RCE Vulnerability in Apache ActiveMQ Is Targeted by HelloKitty Ransomware (CVE-2023-46604)
Researchers have reported suspected exploitation activity related to a recently disclosed security vulnerability in Apache ActiveMQ, tracked as CVE-2023-46604. This vulnerability, with a maximum CVSS score of 10.0, can potentially lead to remote code execution (RCE) attacks.

CVE-2023-46604 allows remote attackers with network access to a broker to execute arbitrary shell commands. This is achieved by exploiting serialized class types within the OpenWire protocol, which in turn causes the broker to instantiate any class available on the classpath.

Shadowserver has identified 7,249 servers with accessible ActiveMQ services. Among them, 3,329 servers were running a version vulnerable to CVE-2023-46604.