CVE-2020-11972

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

Configurations

Configuration 1

OR cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:59

| Type | Values Removed | Values Added |
|---|---|---|
| References | http://www.openwall.com/lists/oss-security/2020/05/14/10 - Mailing List, Third Party Advisory | http://www.openwall.com/lists/oss-security/2020/05/14/10 - Mailing List, Third Party Advisory |
| References | http://www.openwall.com/lists/oss-security/2020/05/14/8 - Mailing List, Third Party Advisory | http://www.openwall.com/lists/oss-security/2020/05/14/8 - Mailing List, Third Party Advisory |
| References | https://camel.apache.org/security/CVE-2020-11972.html - Vendor Advisory | https://camel.apache.org/security/CVE-2020-11972.html - Vendor Advisory |
| References | https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory | https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory |
| References | https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory |

Information

Published : 2020-05-14 17:15

Updated : 2024-11-21 04:59


NVD link : CVE-2020-11972

Mitre link : CVE-2020-11972

CVE.ORG link : CVE-2020-11972

Products Affected

oracle

  • flexcube_private_banking
  • communications_diameter_signaling_router
  • enterprise_manager_base_platform

apache

  • camel

CWE

CWE-502

Deserialization of Untrusted Data