Background

On October 27, 2023, it was reported in CVE-2023-46604 that various versions of Java’s OpenWire protocol marshaller are vulnerable to exploits that could result in the execution of arbitrary shell commands on remote servers.

Severity

Our R&D department has determined that a vulnerable version of this library (ActiveMQ Client 5.17.4) is installed along with the OL Connect Print Manager. If the Print Manager is not installed, then the vulnerable Java module is not installed either.

Corrective measures

If the Print Manager is installed on a server, users are strongly encouraged to make sure network access to that server is properly restricted to prevent exposure to the vulnerability.

To completely eliminate the threat, OL Connect’s 2024.1 release will include a Print Manager module that uses ActiveMQ Client 5.17.6, in which the vulnerability has been fixed.
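
An added example (not code from OL Connect or the ActiveMQ project): a Python script that inventories ActiveMQ Client jars under a directory and classifies them against the two versions named above. It assumes the library keeps its Maven-style file name, activemq-client-<version>.jar; the function names and the sample directory tree are constructed for illustration, and release lines other than 5.17.x are reported as unknown because this advisory does not cover them.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumption: the client library ships under its Maven-style file name,
# e.g. activemq-client-5.17.4.jar. Renamed or bundled jars are not detected.
JAR_RE = re.compile(r"^activemq-client-(\d+)\.(\d+)\.(\d+)\.jar$", re.IGNORECASE)
FIXED_5_17 = (5, 17, 6)  # fixed ActiveMQ Client version named in this advisory


def classify(version):
    """Classify a (major, minor, patch) tuple using only what the advisory states."""
    if version[:2] != (5, 17):
        return "unknown"  # other release lines: consult the CVE-2023-46604 record
    return "vulnerable" if version < FIXED_5_17 else "fixed"


def scan(root):
    """Return sorted (relative path, version, status) for each client jar under root."""
    findings = []
    for path in Path(root).rglob("*.jar"):
        match = JAR_RE.match(path.name)
        if match:
            version = tuple(int(part) for part in match.groups())
            findings.append((path.relative_to(root).as_posix(),
                             ".".join(map(str, version)), classify(version)))
    return sorted(findings)


def demo():
    """Scan a constructed directory tree (sample data, not a real installation)."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("old/lib/activemq-client-5.17.4.jar",
                     "new/lib/activemq-client-5.17.6.jar",
                     "new/lib/unrelated-1.0.jar"):
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.touch()
        return scan(tmp)


if __name__ == "__main__":
    # Pass the Print Manager installation directory as the first argument;
    # with no argument the constructed sample tree is scanned instead.
    results = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel_path, version, status in results:
        print(f"{status:10} {version:8} {rel_path}")
    sys.exit(1 if any(status == "vulnerable" for _, _, status in results) else 0)
```

The script exits with status 1 when any jar is classified as vulnerable, so it can be used as a check in a scheduled inventory job.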