Hello Aditya-

ActiveMQ is not vulnerable— the current exploits require spring web components, 
be running in Tomcat as a war and using JDK 9+. 

Which security scanner are you using? It sounds like it is over zealous in 
identifying problematic instances.

Thanks,
Matt Pavlovich

> On Apr 11, 2022, at 2:48 AM, Aditya Nautiyal 
> <[email protected]> wrote:
> 
> Hi Team,
> Our scanners are started complaining about SpringShell Critical issues under 
> /opt/apache-activemq* as shown below :
> 
>  
> We recently upgraded our systems to 5.16.4, can you please advise what is the 
> plan to remediate this from ActiveMQ side on this.
>  
> 
>  
> First Last
> Job Title
> Office: +xxx+xx+xxxxxxx
> Mobile: +xxx+xx+xxxxxxx
>  
> 
> www.algosec.com 
> <http://www.algosec.com/?utm_source=email&utm_medium=corp+email+signature&utm_campaign=email+signature>

Reply via email to