Required jms connection factories [New in Security Center 1.3 and updated in 1.5 and 2.0]

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • The mid.property.jms.command.allowed_factory_names property controls the Java Messaging Service (JMS) connection factories that the MID Server can use.

    It is intended for a few select factories needed by plugins for JMS activity or action. Including additional factories could be a step in a chain of attack for vulnerabilities such as JDNI insertion that rely on capabilities an attacker can leverage in allowed factories. To prevent the possibility of any leveraged vulnerability, do not include factories beyond the necessary defaults.

    To remediate this security risk review the list of names provided to the mid property, mid.property.jms.command.allowed_factory_names. Ensure any additional Java factory names beyond the default of connectionFactory, queueConnectionFactory, and topicConnectionFactory are necessary.

    More information

    Attribute Description
    Configuration name mid.property.jms.command.allowed_factory_names
    Configuration type System Properties (/sys_properties_list.do)
    Data type string
    Default value connectionFactory, queueConnectionFactory, topicConnectionFactory
    Recommended value connectionFactory, queueConnectionFactory, topicConnectionFactory
    Category Access control
    Security risk
    • Severity score: 4.1
    • CVSS score: Medium
    • Security risk details: If the MID Server (com.glideapp.agent) plugin is active, review the list of names provided to the mid property mid.property.jms.command.allowed_factory_names. Ensure any additional factory names beyond the default of connectionFactory, queueConnectionFactory, and topicConnectionFactory are necessary.
    Dependencies and prerequisites None