
=====================================================================

                                 CERT-Renater

                      Information Note No. 2022/VULN275

_____________________________________________________________________

DATE                : 23/08/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache ActiveMQ Artemis versions
                     prior to 2.24.0.

=====================================================================
https://lists.apache.org/thread/bh6y81wtotg75337bpvxcjy436zfgf3n
_____________________________________________________________________

CVE-2022-35278: Apache ActiveMQ Artemis: HTML Injection in ActiveMQ 
Artemis Web Console


Description:

An attacker could show malicious content and/or redirect users to a
malicious URL in the web console by using HTML in the name of an address 
or queue.


Mitigation:

Upgrade to Apache ActiveMQ Artemis 2.24.0.
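
Added example (not part of the original advisory and not Apache ActiveMQ
code): a triage script that checks a broker version against the fixed
release 2.24.0 and flags address or queue names that would not be inert
if rendered as HTML. How the version string and the name list are
exported from the broker is left to the operator; the function names and
the sample inventory are constructed for illustration.

```python
import html
import re

FIXED_VERSION = (2, 24, 0)  # first fixed release, per the advisory
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z!]")  # start of an HTML tag or comment

def parse_version(text):
    """Turn '2.23.1' into a comparable tuple; any suffix after x.y.z is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version_text):
    """True when the broker is older than the fixed release."""
    return parse_version(version_text) < FIXED_VERSION

def classify_name(name):
    """Return 'tag', 'special-chars' or None for an address or queue name."""
    if TAG_RE.search(name):
        return "tag"
    if html.escape(name, quote=True) != name:
        return "special-chars"
    return None

def audit(version_text, names):
    """Report the version status and every name that is not inert as HTML."""
    findings = [
        {"name": n, "kind": k, "escaped": html.escape(n, quote=True)}
        for n in names
        if (k := classify_name(n)) is not None
    ]
    return {"affected": is_affected(version_text), "findings": findings}

# Constructed sample inventory (not taken from a real broker).
SAMPLE_NAMES = [
    "orders.eu",
    "DLQ",
    'billing<a href="https://example.invalid/">view</a>',
    "r&d.events",
]

if __name__ == "__main__":
    report = audit("2.23.1", SAMPLE_NAMES)
    print("affected version:", report["affected"])
    for f in report["findings"]:
        print(f"{f['kind']:>13}  {f['escaped']}")
```

Names reported as "tag" on a broker older than 2.24.0 are the ones to
review first; the escaped form is safe to paste into a ticket or report.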


Credit:

Apache ActiveMQ would like to thank Yash Pandya (Digital14), Rajatkumar 
Karmarkar (Digital14), and Likhith Cheekatipalle (Digital14) for 
reporting this issue.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

