CVE-2020-11971

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 14-05-2020 07:15

Last modified: - 12-05-2022 05:00

Total changes: - 12

Description

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

High

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

vendor=apache AND product=camel AND versionEndIncluding=3.1.0 AND versionStartIncluding=2.22.0

vendor=oracle AND product=flexcube_private_banking AND version=12.1.0

vendor=oracle AND product=flexcube_private_banking AND version=12.0.0

vendor=oracle AND product=enterprise_manager_base_platform AND version=13.3.0.0

vendor=oracle AND product=enterprise_manager_base_platform AND version=13.4.0.0

vendor=oracle AND product=communications_diameter_signaling_router AND versionEndIncluding=8.2.2 AND versionStartIncluding=8.0.0

vendor=oracle AND product=communications_diameter_intelligence_hub AND versionEndIncluding=8.1.0 AND versionStartIncluding=8.0.0

vendor=oracle AND product=communications_diameter_intelligence_hub AND versionEndIncluding=8.2.3 AND versionStartIncluding=8.2.0

Reference

https://camel.apache.org/security/CVE-2020-11971.html
[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11971 released for Apache Camel-Mailing List, Patch, Third Party Advisory
[camel-commits] 20200522 [camel-website] 01/02: CVE-2020-11971 - Amend the fix version-Mailing List, Vendor Advisory
[camel-commits] 20200522 [camel-website] branch CVE-2020-11971-amend created (now 2a753f7)-Mailing List, Vendor Advisory
[camel-commits] 20200522 [camel-website] 02/02: CVE-2020-11971 - Amended fix version-Mailing List, Vendor Advisory
[activemq-issues] 20200601 [jira] [Created] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0-Mailing List, Vendor Advisory
[activemq-issues] 20200622 [jira] [Commented] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0-Mailing List, Vendor Advisory
[activemq-issues] 20200622 [jira] [Assigned] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0-Mailing List, Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
[activemq-issues] 20201122 [jira] [Updated] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 2.25.2-Mailing List, Vendor Advisory
[activemq-issues] 20201122 [jira] [Commented] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0-Mailing List, Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
[activemq-users] 20210830 Security issues-Mailing List, Vendor Advisory
[activemq-users] 20210831 RE: Security issues-Mailing List, Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Keywords

CVE-2020-11971

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-11971

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures