CVE-2020-11972

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-05-14 17:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-11972

Mitre link : CVE-2020-11972

CVE.ORG link : CVE-2020-11972


JSON object : View

Products Affected

apache

  • camel

oracle

  • enterprise_manager_base_platform
  • communications_diameter_signaling_router
  • flexcube_private_banking
CWE
CWE-502

Deserialization of Untrusted Data