Eclipse Openmq
Approved changes feed: RSS · Atom
cpe:2.3:a:eclipse_foundation:eclipse_openmq:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Eclipse Foundation (2c315c48-0111-5572-bbde-cc70cfafb2e9) |
|---|---|
| Product | Eclipse Openmq (4c4677fc-c865-568b-a7fc-101a2e1966a7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-24457 |
vulnerable | 2026-06-03 15:16:52.502567 |
Details available
CRITICAL (9.1)
An unsafe parsing of OpenMQ's configuration, allows a remote attacker to read arbitrary files from a MQ Broker's server. A full exploitation could read unauthorized files of the OpenMQ’s host OS. In some scenarios RCE could be achieved.
Published: 2026-03-05T16:27:30.984Z
Updated: 2026-03-06T16:11:32.915Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-22886 |
vulnerable | 2026-06-03 15:15:54.312567 |
Details available
CRITICAL (9.8)
OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires
authentication. However, the product ships with a default administrative account (admin/
admin) and does not enforce a mandatory password change on first use. After the first
successful login, the server continues to accept the default password indefinitely without
warning or enforcement.
In real-world deployments, this service is often left enabled without changing the default
credentials. As a result, a remote attacker with access to the service port could authenticate
as an administrator and gain full control of the protocol’s administrative features.
Published: 2026-03-03T09:18:46.109Z
Updated: 2026-03-03T14:51:24.570Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.