Invicti detected ActiveMQ Remote Code Execution (CVE-2023-46604) on the target server. ActiveMQ has an OpenWire-protocol broken on TCP port 61616. It allows unauthenticated attackers to manipulate serialized class types leading to arbitrary code execution.

An attacker can exploit this vulnerability to run arbitrary code.

Upgrade to the fixed or newer versions of ActiveMQ. Fixed versions are listed below:

• 5.15.16
• 5.16.7
• 5.17.6
• 5.18.3
• 6.0.0