A fresh proof-of-concept (PoC) exploit for a critical security vulnerability in Apache ActiveMQ is making it easier than ever to achieve remote code execution (RCE) on servers running the open source message broker — avoiding notice while doing so. The max-severity bug (CVE-2023-46604, CVSS score of 10) allows unauthenticated threat actors to run arbitrary shell commands, and it was patched by Apache late last month.

Source: Dark Reading: Cloud