Apache Active MQ Vulnerability (CVE-2023-46604) - is DX UIM (Nimsoft) affected?

Article ID: 275661

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

A critical zero-day remote code execution vulnerability (CVE-2023-46604) has been found in the Apache ActiveMQ library.

DX UIM uses the Apache ActiveMQ library in the probes listed below:

  • ecometer_monitor-5.12 using Apache ActiveMQ 5.13.0
  • ecometer_admin-5.12 using Apache ActiveMQ 5.13.0
  • CABI 8.x using Apache ActiveMQ 5.16.2

Environment

DX UIM Server with the following supported probes

  • ecometer_monitor 
  • ecometer_admin
  • CABI 8.x

Cause

https://activemq.apache.org/security-advisories.data/CVE-2023-46604

Resolution

The impacted probes listed above will be upgraded to use one of Apache ActiveMQ versions 5.15.16, 5.16.7, 5.17.6, or 5.18.3, as per the upgrade guidance.
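
To confirm which ActiveMQ library versions are actually present on a UIM server or robot before and after the probe upgrade, the following added example (not Broadcom or Apache code) inventories ActiveMQ jars under a directory and compares them with the fixed releases listed above. It assumes the jars keep the usual Maven file naming (for example `activemq-client-5.16.2.jar`); the directory to scan is supplied by the operator.

```python
import os
import re
import sys

# Fixed ActiveMQ releases named in the Resolution section, keyed by (major, minor).
FIXED = {(5, 15): 16, (5, 16): 7, (5, 17): 6, (5, 18): 3}

# Assumption: jars follow the usual Maven naming, e.g. activemq-client-5.16.2.jar
JAR_RE = re.compile(r"^activemq-[a-z0-9-]+?-(\d+)\.(\d+)\.(\d+)\.jar$", re.I)


def classify(version):
    """Return 'fixed', 'needs-upgrade' or 'not-listed' for a (major, minor, patch) tuple."""
    branch, patch = version[:2], version[2]
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "needs-upgrade"
    if branch < min(FIXED):
        # Older branches (such as 5.13.x) have no fixed release listed on this page.
        return "needs-upgrade"
    # Newer than any branch this page mentions; check the Apache advisory instead.
    return "not-listed"


def scan(root):
    """Walk root and return sorted (path, version string, status) for each ActiveMQ jar."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = JAR_RE.match(name)
            if m:
                version = tuple(int(g) for g in m.groups())
                findings.append((os.path.join(dirpath, name),
                                 ".".join(map(str, version)), classify(version)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python check_activemq.py <probe install directory>
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, status in results:
        print(f"{status:14} {version:10} {path}")
    # Non-zero exit when any jar still needs the upgrade, for use in scheduled checks.
    sys.exit(1 if any(s == "needs-upgrade" for _, _, s in results) else 0)
```

The check is based on file names only, so a copy of ActiveMQ repackaged inside another archive will not be reported.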

Additional Information

This KB will be updated on a continuous basis as the situation evolves. There is NO impact on probes installed along with the DX UIM Server and Operator Console of UIM 20.3.x and 20.4.x versions.