Affecting org.apache.activemq:activemq-amqp artifact, versions [5.0.0,5.15.6)
org.apache.activemq:activemq-amqp is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation.
Affected versions of this package are vulnerable to Man-in-the-Middle (MitM) attacks due to missing TLS hostname verification. An attacker could perform Man-in-the-Middle attack between a Java application using the ActiveMQ client and the ActiveMQ server.
org.apache.activemq:activemq-amqp to version 5.15.6 or higher.
Do your applications use this vulnerable package?