The default configuration of Puppet Enterprise is not vulnerable to the vulnerabilities in the December 2015 ActiveMQ Security Announcement. If you have enabled the ActiveMQ web console you may be vulnerable.
Puppet Enterprise 3.8.4 and 2015.3.2 include an updated version of ActiveMQ to address this vulnerability.
For more information about the vulnerability, please refer to the ActiveMQ security announcement.
Affected Software Versions: