"Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client. The admin interface of Apache ActiveMQ is accessible using default credentials - admin:admin. QID Detection Logic: This QID launches a request directed at the Apache ActiveMQ administration console with default credentials."
Successfully exploiting this issue may allow attackers to obtain administrative access to the application.
Service Operations Insight 4.2
The vulnerability can be addressed by updating the jetty-realm.properties file in the <activemq installed location>\conf folder:
C:\Program Files (x86)\CA\SOI\apache-activemq\conf
The passwords are defined in that file as follows:
# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: admin, admin
user: user, user
Change the password and save the file.
This change requires a restart of the SOI MQ server and SOI Application server services.
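
To confirm on disk that no default remains after the edit, the following added example (not part of the original article or of the product's tooling) parses a file in the jetty-realm.properties format shown above and reports every entry whose password still equals its username. The function name and the sample content are constructed for illustration; the MD5: check relies on Jetty storing such credentials as the hex MD5 digest of the password.

```python
import hashlib
import re

# Constructed sample in the format shown above (not a real configuration)
SAMPLE_REALM = """\
# Defines users that can access the web (console, demo, etc.)
# username: password [,rolename ...]
admin: admin, admin
user: S0me-Long-Rand0m-Value, user
"""

def find_default_credentials(realm_text):
    """Return [(username, reason)] for entries whose password equals the username."""
    findings = []
    for raw in realm_text.splitlines():
        line = raw.strip()
        # Skip blank lines and comments
        if not line or line.startswith("#"):
            continue
        # Properties syntax: key and value are separated by the first ':' or '='
        parts = re.split(r"[:=]", line, maxsplit=1)
        if len(parts) != 2:
            continue
        user = parts[0].strip()
        # First comma-separated field is the credential, the rest are role names
        credential = parts[1].split(",")[0].strip()
        if credential.startswith("MD5:"):
            # Hashed entry: compare against the MD5 of the username
            if credential[4:].lower() == hashlib.md5(user.encode()).hexdigest():
                findings.append((user, "MD5 of username"))
        elif credential.startswith(("OBF:", "CRYPT:")):
            # Obfuscated or crypt entries are not evaluated by this check
            continue
        elif credential == user:
            findings.append((user, "plaintext password equals username"))
    return findings

if __name__ == "__main__":
    for user, reason in find_default_credentials(SAMPLE_REALM):
        print(f"{user}: {reason}")
```

To check the live file, read its contents from the conf folder and pass the text to find_default_credentials; an empty result means no entry matches the username-as-password pattern.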