CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-11973

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile35.41th
Published2020年5月14日
Last Modified2024年11月21日

Vulnerability Description

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Affected Platforms (CPE)

📦
Apache

Camel

>= 2.22.0 and <= 2.25.0
📦
Apache

Camel

>= 3.0.0 and <= 3.1.0
📦
Oracle

Communications Diameter Signaling Router

>= 8.0.0 and <= 8.5.0
📦
Oracle

Enterprise Manager Base Platform

= 13.3.0.0
📦
Oracle

Enterprise Manager Base Platform

= 13.4.0.0
📦
Oracle

Flexcube Private Banking

= 12.0.0
📦
Oracle

Flexcube Private Banking

= 12.1.0

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2020/05/14/9
🔗 https://camel.apache.org/security/CVE-2020-11973.html
🔗 https://www.oracle.com//security-alerts/cpujul2021.html
🔗 https://www.oracle.com/security-alerts/cpuApr2021.html
🔗 https://www.oracle.com/security-alerts/cpujan2021.html
🔗 https://www.oracle.com/security-alerts/cpuoct2020.html
🔗 http://www.openwall.com/lists/oss-security/2020/05/14/9
🔗 https://camel.apache.org/security/CVE-2020-11973.html

相关漏洞威胁

CVE-2005-01029.8

Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execut...

CVE-2010-20769.8

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Ch...

CVE-2020-119729.8

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are ...

CVE-2015-53449.8

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary com...