CRITICAL🇬🇧 English

CVE-2020-11972

CVSS 9.8v3.1pub. 2020-05-14upd. 2024-11-21

Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Camel

    APP
    Apache
    2.22.0 – 2.25.03.0.0 – 3.1.0
  • Oracle Communications Diameter Signaling Router

    APP
    Oracle
    8.0.0 – 8.2.2
  • Oracle Enterprise Manager Base Platform

    APP
    Oracle
    13.3.0.013.4.0.0
  • Oracle Flexcube Private Banking

    APP
    Oracle
    12.0.012.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Deserialization
CWE
Referencje

Powiązane podatności

CVE-2020-2555CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invoc...

CVE-2017-9841CRITICAL9.8⚠ KEVten sam produkt

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbit...

CVE-2026-46852CRITICAL9.9ten sam produkt

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...

CVE-2026-46832CRITICAL9.9ten sam produkt

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...

CVE-2026-46853CRITICAL9.6ten sam produkt

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...