What is CVE-2022-23913?

CVE-2022-23913 is a vulnerability in Apache ActiveMQ Artemis that allows an attacker to partially disrupt availability through uncontrolled resource consumption.

What is the severity of CVE-2022-23913?

CVE-2022-23913 has a severity rating of 7.5 (high).

Which versions of Apache ActiveMQ Artemis are affected by CVE-2022-23913?

CVE-2022-23913 affects Apache ActiveMQ Artemis prior to version 2.20.0 or 2.19.1.

How can an attacker exploit CVE-2022-23913?

An attacker can exploit CVE-2022-23913 by consuming excessive resources, leading to a denial-of-service (DoS) situation.

Are there any remediation steps available for CVE-2022-23913?

Yes, the recommended remedy versions for CVE-2022-23913 are 2.19.1 or 2.20.0 for Apache ActiveMQ Artemis.

Vulnerability/
CVE-2022-23913

high

7.5

CWE

400 770

4/2/2022

6/2/2022

3/8/2024

CVE-2022-23913: Apache ActiveMQ Artemis DoS

First published: Fri Feb 04 2022(Updated: )

In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
maven/org.apache.activemq:artemis-core-client	<2.19.1	2.19.1
redhat/eap7-activemq-artemis	<0:2.16.0-9.redhat_00042.1.el8ea	0:2.16.0-9.redhat_00042.1.el8ea
redhat/eap7-activemq-artemis	<0:2.16.0-9.redhat_00042.1.el7ea	0:2.16.0-9.redhat_00042.1.el7ea
redhat/rh-sso7-keycloak	<0:18.0.3-1.redhat_00001.1.el7	0:18.0.3-1.redhat_00001.1.el7
redhat/rh-sso7-keycloak	<0:18.0.3-1.redhat_00001.1.el8	0:18.0.3-1.redhat_00001.1.el8
redhat/rh-sso7	<0:1-5.el9	0:1-5.el9
redhat/rh-sso7-javapackages-tools	<0:6.0.0-7.el9	0:6.0.0-7.el9
redhat/rh-sso7-keycloak	<0:18.0.3-1.redhat_00001.1.el9	0:18.0.3-1.redhat_00001.1.el9
redhat/artemis	<2.19.1	2.19.1
redhat/artemis	<2.20.0	2.20.0
Apache ActiveMQ Artemis	<2.19.1
Netapp Active Iq Unified Manager Windows
NetApp OnCommand Workflow Automation

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2022-23913?
CVE-2022-23913 is a vulnerability in Apache ActiveMQ Artemis that allows an attacker to partially disrupt availability through uncontrolled resource consumption.
What is the severity of CVE-2022-23913?
CVE-2022-23913 has a severity rating of 7.5 (high).
Which versions of Apache ActiveMQ Artemis are affected by CVE-2022-23913?
CVE-2022-23913 affects Apache ActiveMQ Artemis prior to version 2.20.0 or 2.19.1.
How can an attacker exploit CVE-2022-23913?
An attacker can exploit CVE-2022-23913 by consuming excessive resources, leading to a denial-of-service (DoS) situation.
Are there any remediation steps available for CVE-2022-23913?
Yes, the recommended remedy versions for CVE-2022-23913 are 2.19.1 or 2.20.0 for Apache ActiveMQ Artemis.

collector/github-advisory-latest
alias/GHSA-pr38-qpxm-g88x
alias/CVE-2022-23913
collector/github-advisory
collector/redhat-cve
agent/weakness
agent/author
agent/type
agent/first-publish-date
agent/references
agent/severity
agent/description
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
collector/nvd-cve
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/event
agent/tags
agent/trending
package-manager/maven
package-manager/redhat
vendor/apache
canonical/apache activemq artemis
vendor/netapp
canonical/netapp active iq unified manager windows
canonical/netapp oncommand workflow automation