Byte Open Security (ByteOS Network)

Spring AMQP

Source-CNA
CNA CVEs-6
ADP CVEs-0
CISA CVEs-0
NVD CVEs-0

6 vulnerabilities found

CVE-2026-41714
Assigner-VMware by Broadcom
CVSS Score-4.0 (MEDIUM)
EPSS-0.02% (percentile 3.91%)
7 Day CHG-~0.00%
Published-09 Jun, 2026 | 23:48
Updated-10 Jun, 2026 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Spring AMQP, RabbitConnectionFactoryBean.setUri("amqps://...") bypasses the secure SSL setup and uses TrustEverythingTrustManager

Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification, so any certificate presented by a network attacker is accepted. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Spring AMQP
CWE ID-CWE-295 (Improper Certificate Validation)
CVE-2026-41701
Assigner-VMware by Broadcom
CVSS Score-4.4 (MEDIUM)
EPSS-0.03% (percentile 7.54%)
7 Day CHG-~0.00%
Published-09 Jun, 2026 | 23:47
Updated-10 Jun, 2026 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Spring AMQP, sequential correlation IDs enable reply poisoning on fixed reply queues

Correlation IDs for replies in RabbitTemplate.sendAndReceive() with a fixed reply queue are predictable because they are generated by an internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Spring AMQP
CWE ID-CWE-330 (Use of Insufficiently Random Values)
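The entry above does not say how a reply gets poisoned, so as an added example (not Spring AMQP project code and not the vendor's fix for this CVE) here is the request/reply setup it concerns, with the correlation id taken out of the template's counter. RabbitTemplate.setUserCorrelationId(true) makes the template match replies on the correlation id the caller placed on the request, which here is a random UUID. The reply queue name, exchange and routing key are assumptions. This only makes the id unguessable; a publisher who can still write to the reply queue can still race legitimate replies, so the queue must additionally be writable only by the application's own broker user.

```java
// Added example, not Spring AMQP project code. REPLY_QUEUE, exchange and routing key are assumed.
import java.util.UUID;

import org.springframework.amqp.core.Message;
import org.springframework.amqp.core.MessageBuilder;
import org.springframework.amqp.rabbit.connection.ConnectionFactory;
import org.springframework.amqp.rabbit.core.RabbitTemplate;
import org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer;

public class RandomCorrelationRpc {

    static final String REPLY_QUEUE = "app.replies"; // assumed fixed reply queue

    // Template that uses a fixed reply queue but lets the caller supply the correlation id.
    static RabbitTemplate template(ConnectionFactory cf) {
        RabbitTemplate template = new RabbitTemplate(cf);
        template.setReplyAddress(REPLY_QUEUE);
        template.setReplyTimeout(5_000);
        // Match replies on the correlationId carried by the request message instead of
        // the template's internal counter that CVE-2026-41701 describes as predictable.
        template.setUserCorrelationId(true);

        // The template itself consumes the fixed reply queue.
        SimpleMessageListenerContainer container = new SimpleMessageListenerContainer(cf);
        container.setQueueNames(REPLY_QUEUE);
        container.setMessageListener(template);
        container.start();
        return template;
    }

    // One RPC call: a fresh 122-bit random id per request. A forged reply must carry the
    // same id to be delivered to this caller, so the attacker can no longer guess "next counter value".
    static Message call(RabbitTemplate template, String exchange, String routingKey, byte[] body) {
        Message request = MessageBuilder.withBody(body)
                .setCorrelationId(UUID.randomUUID().toString())
                .build();
        Message reply = template.sendAndReceive(exchange, routingKey, request);
        if (reply == null) {
            throw new IllegalStateException("no reply within timeout for " 
                    + request.getMessageProperties().getCorrelationId());
        }
        return reply;
    }
}
```

Upgrading to a fixed version remains the real remedy; this pattern is a stopgap for deployments that cannot move yet, and it assumes the responder echoes the request's correlation id unchanged, which is the normal AMQP RPC contract.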
CVE-2023-34050
Assigner-VMware by Broadcom
CVSS Score-5.0 (MEDIUM)
EPSS-43.04% (percentile 97.58%)
7 Day CHG-~0.00%
Published-19 Oct, 2023 | 07:11
Updated-12 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring AMQP Deserialization Vulnerability

In Spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9, allowed-list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however, by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if:
* the SimpleMessageConverter or SerializerMessageConverter is used,
* the user does not configure allowed-list patterns, and
* untrusted message originators gain permission to write messages to the RabbitMQ broker and send malicious content.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-spring_advanced_message_queuing_protocol, Spring AMQP
CWE ID-CWE-502 (Deserialization of Untrusted Data)
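The three conditions above map directly onto converter configuration. As an added example (not Spring AMQP project code), the default converter that is exposed on affected versions is shown next to an allowed-listed one and next to a JSON converter that keeps Java serialization off the wire altogether; the package name com.example.orders and the JDK types listed are assumptions for an imaginary application.

```java
// Added example, not Spring AMQP project code. Package and class names are assumptions.
import java.util.List;

import org.springframework.amqp.rabbit.connection.ConnectionFactory;
import org.springframework.amqp.rabbit.core.RabbitTemplate;
import org.springframework.amqp.support.converter.DefaultJackson2JavaTypeMapper;
import org.springframework.amqp.support.converter.Jackson2JsonMessageConverter;
import org.springframework.amqp.support.converter.MessageConverter;
import org.springframework.amqp.support.converter.SimpleMessageConverter;

public class ConverterConfig {

    // The shape CVE-2023-34050 describes: on affected versions a SimpleMessageConverter
    // with no allowed list instantiates any class named inside an
    // application/x-java-serialized-object body, so anyone who can publish to a
    // consumed queue controls which gadget classes get constructed.
    static MessageConverter unrestrictedJavaSerialization() {
        return new SimpleMessageConverter();
    }

    // Hardened Java serialization: only the application's own payload classes and the
    // JDK collection types they contain may be deserialized. Anything else is rejected
    // by the converter with a SecurityException naming the class.
    static MessageConverter allowListedJavaSerialization() {
        SimpleMessageConverter converter = new SimpleMessageConverter();
        converter.setAllowedListPatterns(List.of(
                "com.example.orders.*",   // assumed payload package
                "java.util.ArrayList",
                "java.util.HashMap",
                "java.lang.*"));
        return converter;
    }

    // Preferred: no Java serialization on the wire. The type mapper is restricted too,
    // because the __TypeId__ header is otherwise another attacker-chosen class name.
    static MessageConverter jsonConverter() {
        Jackson2JsonMessageConverter converter = new Jackson2JsonMessageConverter();
        DefaultJackson2JavaTypeMapper typeMapper = new DefaultJackson2JavaTypeMapper();
        typeMapper.setTrustedPackages("com.example.orders"); // assumed payload package
        converter.setJavaTypeMapper(typeMapper);
        return converter;
    }

    static RabbitTemplate template(ConnectionFactory cf) {
        RabbitTemplate template = new RabbitTemplate(cf);
        template.setMessageConverter(jsonConverter());
        return template;
    }
}
```

The same converter must be set on the listener container factory (or @RabbitListener infrastructure) as on the template, since it is the consuming side that performs the deserialization; an allowed list on the publisher alone protects nothing.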
CVE-2021-22095
Assigner-VMware by Broadcom
CVSS Score-6.5 (MEDIUM)
EPSS-0.57% (percentile 69.10%)
7 Day CHG-~0.00%
Published-30 Nov, 2021 | 18:41
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object's toString() method creates a new String object from the message body regardless of its size. This can cause an OutOfMemoryError with a large message.

Action-Not Available
Vendor-n/a, VMware (Broadcom Inc.)
Product-spring_advanced_message_queuing_protocol, Spring AMQP
CWE ID-CWE-502 (Deserialization of Untrusted Data)
CVE-2021-22097
Assigner-VMware by Broadcom
CVSS Score-6.5 (MEDIUM)
EPSS-0.43% (percentile 63.25%)
7 Day CHG-~0.00%
Published-28 Oct, 2021 | 15:24
Updated-03 Aug, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object's toString() method deserializes the body of a message whose content type is application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that causes 100% CPU usage in the application if the toString() method is called.

Action-Not Available
Vendor-n/a, VMware (Broadcom Inc.)
Product-spring_advanced_message_queuing_protocol, Spring AMQP
CWE ID-CWE-502 (Deserialization of Untrusted Data)
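Both this entry and CVE-2021-22095 above are triggered by something as ordinary as logging the received Message object, since the logger calls toString(). As an added example (not Spring AMQP project code), here is a consumer that logs only metadata and the body length, and rejects oversized or Java-serialized payloads before any code touches them; the size limit and the rejection policy are assumptions for an imaginary application.

```java
// Added example, not Spring AMQP project code. MAX_BODY_BYTES and the rejection policy are assumptions.
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.amqp.AmqpRejectAndDontRequeueException;
import org.springframework.amqp.core.Message;
import org.springframework.amqp.core.MessageListener;
import org.springframework.amqp.core.MessageProperties;

public class SafeLoggingListener implements MessageListener {

    private static final Logger log = LoggerFactory.getLogger(SafeLoggingListener.class);
    private static final int MAX_BODY_BYTES = 1 << 20; // 1 MiB, assumed application limit

    @Override
    public void onMessage(Message message) {
        MessageProperties props = message.getMessageProperties();
        byte[] body = message.getBody();

        // Never log the Message itself (log.info("got {}", message)) on affected versions:
        // Message.toString() copies the entire body into a new String (CVE-2021-22095) and,
        // for application/x-java-serialized-object, deserializes it (CVE-2021-22097).
        // Log metadata and the body length instead; neither touches the body's contents.
        log.info("received messageId={} contentType={} bodyBytes={} queue={}",
                props.getMessageId(), props.getContentType(), body.length, props.getConsumerQueue());

        // Cap what a single message can make this consumer allocate or parse.
        if (body.length > MAX_BODY_BYTES) {
            throw new AmqpRejectAndDontRequeueException(
                    "body of " + body.length + " bytes exceeds limit of " + MAX_BODY_BYTES);
        }
        // Refuse Java-serialized payloads unless the application deliberately accepts them;
        // a content type is attacker-controlled, so this is a policy gate, not a parser.
        if (MessageProperties.CONTENT_TYPE_SERIALIZED_OBJECT.equals(props.getContentType())) {
            throw new AmqpRejectAndDontRequeueException("Java-serialized payloads are not accepted");
        }

        process(body);
    }

    private void process(byte[] body) {
        // application logic on the raw bytes (assumed)
    }
}
```

The body has already been allocated by the time the listener runs, so for the OOM case the consumer-side check only limits further copies; the broker's max_message_size setting is the place to cap the first allocation.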
CVE-2018-11087
Assigner-Dell
CVSS Score-5.9 (MEDIUM)
EPSS-0.55% (percentile 68.47%)
7 Day CHG-~0.00%
Published-14 Sep, 2018 | 20:00
Updated-27 Mar, 2025 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TLS validation error

Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, exposes a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user who has the ability to intercept traffic would be able to view data in transit.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-rabbitmq_java_client, spring_advanced_message_queuing_protocol, Spring AMQP
CWE ID-CWE-295 (Improper Certificate Validation)
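This entry and CVE-2026-41714 above are the two sides of the same control: a TLS session to the broker is only worth having if the chain is validated against a trust store and the certificate is checked against the hostname. As an added example (not Spring AMQP project code and not either vendor fix), the setUri()-only configuration that CVE-2026-41714 describes is shown beside a RabbitConnectionFactoryBean setup that enables SSL explicitly, pins a trust store and turns on hostname verification. The broker host, credentials, virtual host, trust store path and passphrase are placeholders.

```java
// Added example, not Spring AMQP project code. Broker host, credentials, vhost,
// trust store location and passphrase are placeholder assumptions.
import org.springframework.amqp.rabbit.connection.CachingConnectionFactory;
import org.springframework.amqp.rabbit.connection.RabbitConnectionFactoryBean;

import com.rabbitmq.client.ConnectionFactory;

public class BrokerTlsConfig {

    static final String AMQPS_URI = "amqps://app:secret@broker.example.internal:5671/prod";

    // The configuration CVE-2026-41714 describes: only setUri() on an amqps:// URL.
    // On affected versions this yields TLS with a trust-everything trust manager and
    // no hostname verification, so an interposed server with any certificate is accepted.
    static ConnectionFactory uriOnlyFactory() throws Exception {
        RabbitConnectionFactoryBean bean = new RabbitConnectionFactoryBean();
        bean.setUri(AMQPS_URI);
        bean.afterPropertiesSet();
        return bean.getObject();
    }

    // Hardened: go through the bean's explicit SSL setup with a real trust store.
    static ConnectionFactory hardenedFactory() throws Exception {
        RabbitConnectionFactoryBean bean = new RabbitConnectionFactoryBean();
        bean.setUri(AMQPS_URI);
        bean.setUseSSL(true);                 // the call CVE-2026-41714 says must accompany setUri()
        bean.setSslAlgorithm("TLSv1.2");
        bean.setTrustStoreType("PKCS12");
        bean.setTrustStore("file:/etc/app/broker-truststore.p12"); // CA that issued the broker cert
        bean.setTrustStorePassphrase("changeit");
        bean.setSkipServerCertificateValidation(false); // explicit: chain validation stays on
        bean.setEnableHostnameVerification(true);       // the check missing before the CVE-2018-11087 fix
        bean.afterPropertiesSet();
        return bean.getObject();
    }

    // Fail at startup rather than silently running over plaintext or an unverified session.
    static CachingConnectionFactory springConnectionFactory() throws Exception {
        ConnectionFactory cf = hardenedFactory();
        if (!cf.isSSL()) {
            throw new IllegalStateException("broker connection factory is not using TLS");
        }
        return new CachingConnectionFactory(cf);
    }
}
```

The isSSL() check only proves TLS is switched on, not that the trust manager is the strict one; the practical verification is to point the factory at a broker presenting a certificate signed by an untrusted CA, or one whose subject does not match the host, and confirm the connection attempt fails with a handshake or hostname error.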