Apache ActiveMQ vulnerability CVE-2023-46604 and Symantec DLP

Article ID: 275982

Updated On:

Products

  • Data Loss Prevention Enterprise Suite
  • Data Loss Prevention Network Discover
  • Data Loss Prevention Plus Suite
  • Data Loss Prevention Enforce
  • Data Loss Prevention Discover Suite
  • Data Loss Prevention Core Package
  • Data Loss Prevention

Issue/Introduction

Apache ActiveMQ vulnerability CVE-2023-46604 affects the Symantec DLP Network Discover solution only when Grid deployments are used.

Environment

This can affect all in-service DLP versions (15.8, 16.0, 16.0.1).

Resolution

Hotfixes have been released for all 3 DLP branches, per the Advisory on this topic:

Symantec Data Loss Prevention Hot Fix Available That Resolves an ActiveMQ 5.14.4 Vulnerability

Please download and install the hotfix available for your release.

Additional Information

Mitigation and workaround for those who cannot apply the hotfixes immediately.

Please note that this vulnerability can only be exploited if both of the following are true:

  1. Grid Scanning is enabled on the Discover Detection Server
  2. A Grid Scan is actively running - that is the only time the ports using ActiveMQ are active.

Additionally: Discover Clusters do not use ActiveMQ.

Workaround to mitigate if the published hotfix is not being applied:

  • Allow only authorized servers in the DLP infrastructure to connect to port 61616/tcp of the Discover Grid servers.
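
One way to verify that the restriction above is holding on a Linux Discover Grid server, as an added example (not Symantec's code): it reads `ss -tn` style output and reports peers connected to 61616/tcp that are outside an allowlist. The allowlist addresses and the sample `ss` lines are constructed placeholders, and the local and peer endpoints are assumed to be the last two columns of each line.

```python
import ipaddress

ACTIVEMQ_PORT = 61616  # port named in the workaround

# Assumption: placeholder addresses standing in for the authorized DLP servers.
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.20.1.15/32")]

# Constructed sample in the shape of `ss -tn` output (header plus connections).
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.20.0.5:61616 10.20.0.6:51544
ESTAB 0 0 10.20.0.5:61616 192.0.2.44:40112
ESTAB 0 0 [::ffff:10.20.0.5]:61616 [::ffff:10.20.1.15]:38220
ESTAB 0 0 [::ffff:10.20.0.5]:61616 [::ffff:198.51.100.7]:55001
ESTAB 0 0 10.20.0.5:22 192.0.2.44:40990
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; compare as IPv4.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return addr, int(port)


def unauthorized_peers(ss_output, allowed=AUTHORIZED, port=ACTIVEMQ_PORT):
    """Return sorted peer IPs connected to the local ActiveMQ port but not allowlisted."""
    flagged = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            _, local_port = split_endpoint(fields[-2])
            peer, _ = split_endpoint(fields[-1])
        except ValueError:
            continue  # header line or wildcard endpoint
        if local_port == port and not any(peer in net for net in allowed):
            flagged.add(str(peer))
    return sorted(flagged)


if __name__ == "__main__":
    for ip in unauthorized_peers(SAMPLE_SS):
        print(f"unauthorized peer on {ACTIVEMQ_PORT}/tcp: {ip}")
```

Because the ActiveMQ ports are only active while a Grid Scan is running, the check is only meaningful when run against output captured during a scan.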