First published: Thu May 14 2020
A flaw was found in Apache Camel. The Apache Camel RabbitMQ component enables Java deserialization of message bodies by default, with no means of disabling it, which can lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/camel | <3.2.0 | 3.2.0 |
| redhat/camel | <2.25.1 | 2.25.1 |
| Apache Camel | >=2.22.0, <=2.25.0 | |
| Apache Camel | >=3.0.0, <=3.1.0 | |
| Oracle Communications Diameter Signaling Router | >=8.0.0, <=8.5.0 | |
| Oracle Enterprise Manager Base Platform | =13.3.0.0 | |
| Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
| Oracle FLEXCUBE Private Banking | =12.0.0 | |
| Oracle FLEXCUBE Private Banking | =12.1.0 | |

Red Hat JBoss Fuse 6 and Red Hat Fuse 7 customers should use `camel-netty4` instead.
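The description above concerns a consumer that deserializes Java objects straight from a message body. Independently of upgrading Camel, the JDK's own deserialization filter (JEP 290, Java 9 and later) lets a consumer that must deserialize message bodies allowlist the single type it expects and reject everything else before any class is instantiated. The following is an added example, not code from the advisory or from the Camel project; `OrderEvent` and `Unexpected` are hypothetical payload types constructed here, and the message bodies are constructed in-process.

```java
import java.io.*;

/**
 * Added example (not from the advisory or Apache Camel): a JEP 290
 * ObjectInputFilter that allowlists the one payload type a consumer expects,
 * plus java.base types its fields need, and rejects all other classes.
 * Rejection happens before the class is resolved or instantiated.
 */
public class FilteredDeserialization {

    // Hypothetical payload type the consumer expects to receive.
    public static class OrderEvent implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String orderId;
        public OrderEvent(String orderId) { this.orderId = orderId; }
    }

    // Hypothetical class standing in for "anything the consumer did not expect".
    public static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Pattern syntax: entries separated by ';', '!' rejects, "module/*" matches
    // every class in that module, and a trailing "!*" rejects everything else.
    private static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
            "FilteredDeserialization$OrderEvent;java.base/*;!*");

    // Serialize an object to bytes, standing in for a message body on the wire.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize a message body with the allowlist filter applied to the stream.
    static Object deserialize(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(body))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample bodies: one of the expected type, one not.
        byte[] expected = serialize(new OrderEvent("A-1"));
        byte[] unexpected = serialize(new Unexpected());

        OrderEvent e = (OrderEvent) deserialize(expected);
        System.out.println("accepted: " + e.orderId);

        try {
            deserialize(unexpected);
            System.out.println("ERROR: unexpected class was deserialized");
        } catch (InvalidClassException rejected) {
            // The JDK reports "filter status: REJECTED" and never constructs the object.
            System.out.println("rejected: " + rejected.getMessage());
        }
    }
}
```

The same filter can be applied process-wide with the `jdk.serialFilter` system property instead of per stream, which is the more robust choice when the deserialization call lives inside a library rather than in code you control.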
CVE-2020-11973 is a vulnerability in Apache Camel that allows arbitrary code execution through Java deserialization.
The severity of CVE-2020-11973 is critical, with a severity value of 9.8.
CVE-2020-11973 can lead to a compromise of data confidentiality and integrity.
Versions 2.22.x, 2.23.x, 2.24.x, and 2.25.0 of Apache Camel are affected by CVE-2020-11973.
To fix CVE-2020-11973, upgrade to Apache Camel version 3.2.0 or higher.