I have been scanning our environment for the Apache ActiveMQ vulnerability. Currently Rapid7 shows zero assets that have this. Talking with our developers. There are servers that have this installed, but IVM is not detecting anything. Just wanted to see if anyone else is seeing this.
A bit late to the post, but do you see Apache ActiveMQ in the list of software under “Assets”? How about if you click on that asset within InsightVM, do you see Apache ActiveMQ listed under “Installed Software”?
Perhaps, Rapid7 updated their definitions between this post and now. Are you still seeing the same issue?
It does not show up under installed software. I also added the port 61616 to the scan and it can see that. One thing I did do was use Metasploit on kali Linux to scan activemq machines. Which it showed what machines were vulnerable.