CRITICAL🇵🇱 Wersja polska

CVE-2020-11973

CVSS 9.8v3.1pub. 2020-05-14upd. 2024-11-21

Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Camel

    APP
    Apache
    2.22.0 – 2.25.03.0.0 – 3.1.0
  • Oracle Communications Diameter Signaling Router

    APP
    Oracle
    8.0.0 – 8.5.0
  • Oracle Enterprise Manager Base Platform

    APP
    Oracle
    13.3.0.013.4.0.0
  • Oracle Flexcube Private Banking

    APP
    Oracle
    12.0.012.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2020-2555CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invoc...

CVE-2017-9841CRITICAL9.8⚠ KEVten sam produkt

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbit...

CVE-2026-46852CRITICAL9.9ten sam produkt

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...

CVE-2026-46832CRITICAL9.9ten sam produkt

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...

CVE-2026-46853CRITICAL9.6ten sam produkt

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...