← Back

CVE-2020-11972

nvd nist
Published: May 14, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Affected (7)

Apache
1 product
Camel
Oracle
3 products
Communications Diameter Signaling Router
Enterprise Manager Base Platform
Flexcube Private Banking
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Camel
From 2.22.0 to 2.25.0
Camel
From 3.0.0 to 3.1.0
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Communications Diameter Signaling Router
From 8.0.0 to 8.2.2
Oracle
Enterprise Manager Base Platform
Version 13.3.0.0
Enterprise Manager Base Platform
Version 13.4.0.0
Oracle
Flexcube Private Banking
Version 12.0.0
Flexcube Private Banking
Version 12.1.0

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (10)

Source: security@apache.org
Mailing ListThird Party Advisory
Source: security@apache.org
Mailing ListThird Party Advisory
Source: security@apache.org
Vendor Advisory
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.