Solved

Is FME Server / Flow vulnerable to Apache ActiveMQ CVE-2023-46604? https://www.cve.org/CVERecord?id=CVE-2023-46604


gtiemens
Is FME Server / Flow vulnerable to Apache ActiveMQ CVE-2023-46604? https://www.cve.org/CVERecord?id=CVE-2023-46604


2 replies

keziaatsafe
  • Safer
  • November 7, 2023

Hi @gtiemens,

Thank you for contacting Safe Software and for reporting this vulnerability.  

Our team is currently investigating the vulnerability CVE-2023-46604 to determine if FME Form and Flow are affected.

I will update this thread as soon as I have further information. 

Thank you for your patience.

Kezia


keziaatsafe
  • Safer
  • Best Answer
  • November 9, 2023

According to our assessment, we believe that the only component in FME Form and FME Flow possibly affected by this vulnerability is the JMSSender/Receiver (Form) & JMS Subscriber/Publisher (Flow). We do not expect your workspaces or automation workflows to be affected if you’re not using either of these transformers.

That being said, Apache ActiveMQ will be upgraded to a non-vulnerable version for the 2023.2 and 2024.0+ releases. We will also backport the fix to a 2023.1.2 release.

 

