Message brokers if not configured to auto upgrade to the latest minor version could increase the likelihood of getting exploited.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/upgrading-brokers.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/mq_broker#auto_minor_version_upgrade