CVE-2024-8689 ActiveMQ Content Pack: Cleartext Exposure of Credentials

Severity 6 · MEDIUM
Urgency MODERATE
Response Effort MODERATE
Recovery AUTOMATIC
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity HIGH
Attack Requirements PRESENT
Automatable NO
User Interaction PASSIVE
Product Confidentiality HIGH
Product Integrity NONE
Product Availability NONE
Privileges Required NONE
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE

Description

A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles.

Product Status

Versions: ActiveMQ Content Pack 1.1
Affected: < 1.1.15
Unaffected: >= 1.1.15

Severity: MEDIUM

CVSSv4.0 Base Score: 6 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-312 Cleartext Storage of Sensitive Information

Solution

This issue is fixed in ActiveMQ Content Pack 1.1.15 and all later versions. You can download the content pack from https://cortex.marketplace.pan.dev/marketplace/details/ActiveMQ/.

You should configure new ActiveMQ credentials for the ActiveMQ integration only after you upgrade it to a fixed version. You should also revoke the previously existing credentials to prevent misuse of the exposed credentials.
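One way to find which stored log bundles contain the old credential, so they can be handled alongside the revocation. This is an added example, not code from Palo Alto Networks or the content pack; the tar.gz bundle format, the file names, the log line and the password are constructed assumptions.

```python
import io
import tarfile


def find_secret_in_bundle(bundle_bytes, secret):
    """Return [(member name, line number)] for lines containing the secret.

    The secret itself is never returned or printed, only its location.
    """
    needle = secret.encode("utf-8")
    if not needle:
        raise ValueError("secret must not be empty")
    hits = []
    # Assumption: the bundle is a (possibly compressed) tar archive.
    with tarfile.open(fileobj=io.BytesIO(bundle_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip directories, links and devices
            for lineno, line in enumerate(tar.extractfile(member), start=1):
                if needle in line:
                    hits.append((member.name, lineno))
    return hits


def constructed_bundle():
    """Build a small in-memory bundle; all contents are constructed samples."""
    files = {
        "logs/server.log": (
            b"INFO starting integration instance\n"
            b"DEBUG params: {'username': 'mq_user', 'password': 'S3cr3t-EXAMPLE'}\n"
        ),
        "logs/other.log": b"INFO nothing sensitive here\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    # In real use, read the bundle from disk and take the secret from a
    # prompt (for example getpass), not from the command line or source.
    for name, lineno in find_secret_in_bundle(constructed_bundle(), "S3cr3t-EXAMPLE"):
        print(f"{name}:{lineno}: credential present (value not printed)")
```

A match in any bundle that left your environment, for example one attached to a support case, identifies a copy of the credential that only revocation can address.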

Acknowledgments

Palo Alto Networks thanks Marcel Maeder of Swisscom (Schweiz) AG for discovering and reporting this issue.

Timeline

Initial publication
© 2024 Palo Alto Networks, Inc. All rights reserved.