CyberSec.Space Logo
Back to CVE Browser

CVE-2020-11973

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile35.41th
PublishedMay 14, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Affected Platforms (CPE)

πŸ“¦
Apache

Camel

>= 2.22.0 and <= 2.25.0
πŸ“¦
Apache

Camel

>= 3.0.0 and <= 3.1.0
πŸ“¦
Oracle

Communications Diameter Signaling Router

>= 8.0.0 and <= 8.5.0
πŸ“¦
Oracle

Enterprise Manager Base Platform

= 13.3.0.0
πŸ“¦
Oracle

Enterprise Manager Base Platform

= 13.4.0.0
πŸ“¦
Oracle

Flexcube Private Banking

= 12.0.0
πŸ“¦
Oracle

Flexcube Private Banking

= 12.1.0

References & Advisories

πŸ”— http://www.openwall.com/lists/oss-security/2020/05/14/9
πŸ”— https://camel.apache.org/security/CVE-2020-11973.html
πŸ”— https://www.oracle.com//security-alerts/cpujul2021.html
πŸ”— https://www.oracle.com/security-alerts/cpuApr2021.html
πŸ”— https://www.oracle.com/security-alerts/cpujan2021.html
πŸ”— https://www.oracle.com/security-alerts/cpuoct2020.html
πŸ”— http://www.openwall.com/lists/oss-security/2020/05/14/9
πŸ”— https://camel.apache.org/security/CVE-2020-11973.html

Related Vulnerabilities

CVE-2005-01029.8

Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execut...

CVE-2010-20769.8

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Ch...

CVE-2020-119729.8

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are ...

CVE-2015-53449.8

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary com...