CVE-2020-11972

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-05-14 17:15

Updated : 2024-02-04 21:00


NVD link : CVE-2020-11972

Mitre link : CVE-2020-11972

CVE.ORG link : CVE-2020-11972


JSON object : View

Products Affected

oracle

  • enterprise_manager_base_platform
  • flexcube_private_banking
  • communications_diameter_signaling_router

apache

  • camel
CWE
CWE-502

Deserialization of Untrusted Data