CVSS 3 Base Score: Posted On: May 4, 2016Assessed Risk Level: MediumOn March 10, 2016 ActiveMQ announced several vulnerabilities.Puppet Enterprise 3.8.x prior to 3.8.5, Puppet Enterprise 2015.3.x and Puppet Enterprise 2016.1.x prior to 2016.1.2 ship with a vulnerable version of ActiveMQ. Default configurations of Puppet Enterprise are not affected by these vulnerabilities. Puppet Enterprise 3.8.5 and 2016.1.2 include an updated ActiveMQ that has addressed these vulnerabilities.For more information about these vulnerabilities, please refer to the ActiveMQ security announcements (http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt and http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt ).Status:Affected software versions:Puppet Enterprise 3.8.x prior to 3.8.5Puppet Enterprise 2015.3.xPuppet Enterprise 2016.1.x prior to 2016.1.2Resolved in:Puppet Enterprise 3.8.5Puppet Enterprise 2016.1.2← Back to CVE Listings