Strix
26.1K

CVE-2018-1310

UnknownEPSS 3.18%

Last modified

CVE-2018-1310 is a vulnerability of currently unknown severity. Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. EPSS estimates a 3.18% chance of exploitation in the next 30 days.

Description

Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.

Metrics

EPSS Probability
3.18%

86.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
ApacheNifi< 1.6.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-1310?
Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. Malicious JMS content could cause denial of service. See ActiveMQ CVE-2015-5254 announcement for more information. The fix to upgrade the activemq-client library to 5.15.3 was applied on the Apache NiFi 1.6.0 release. Users running a prior 1.x release should upgrade to the appropriate release.
How severe is CVE-2018-1310?
Severity scoring for CVE-2018-1310 is pending analysis. The EPSS model estimates a 3.18% probability of exploitation in the next 30 days.
How do I fix CVE-2018-1310?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1310?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST