This property controls the Java Messaging Service (JMS) connection factories that the MID Server can use. It is intended for a few select factories needed by plugins for JMS activity or action. Including additional factories could be a step in a chain of attack for vulnerabilities such as JNDI insertion that rely on capabilities an attacker can leverage in allowed factories. To prevent the possibility of any leveraged vulnerability, do not include factories beyond the necessary defaults.

Review the list of names provided to the mid property mid.property.jms.command.allowed_factory_names. Ensure any additional factory names beyond the default of connectionFactory, queueConnectionFactory, topicConnectionFactory are necessary.

See the following documentation for updating this and other mid server properties: MID Server properties

More information