Security Vulnerability —Apache TomEE

Home/Security Update, Software Issues/Security Vulnerability —Apache TomEE

Security Vulnerability —Apache TomEE

 Apache TomEE Security Bypass Vulnerability.


Apache TomEE is prone to a security bypass vulnerability.

The vulnerability is caused due to a misconfiguring issue when configured with the embedded ActiveMQ broker.

An unauthenticated remote attacker can exploit this vulnerability by sending a specially-crafted request.

However, Successful exploitation can enable an attacker to enable a JMX port on TCP port 1099 without authentication.

CVE IDCVE-2020-13931
CVSS v3.0 ScoreBase Score: 9.8
CVSS v2.0 ScoreBase Score: 10
Severity RatingCritical

However, Apache has released security updates regarding this vulnerability.

Versions Affected:

Below are the affected Apache TomEE:

  • Apache TomEE 8.0.0-M1 – 8.0.3
  • Apache TomEE 7.1.0 – 7.1.3
  • Apache TomEE 7.0.0-M1 – 7.0.8
  • also, Apache TomEE 1.0.0 – 1.7.5

Importantly, CVE-2020-11969 previously addressed the creation of the JMX management interface, however, the incomplete fix did not cover this edge case.


It is highly recommended to upgrade to the below versions

  • Upgrade to TomEE 7.0.9 or later
  • Upgrade to TomEE 7.1.4 or later
  • Upgrade to TomEE 8.0.4 or later

Follow Us on: Twitter, InstagramFacebook to get latest security news!

By | 2020-12-31T16:19:47+05:30 December 31st, 2020|Security Update, Software Issues|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!