Description
Apache Camel's JMX is vulnerable to a rebind flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, and 3.0.0 up to 3.1.0 are affected. Users should upgrade to 3.2.0.
References (15)
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/05/14/7
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r7968b5086e861da2cf635a7b215e465ce9912d5f16c683b8e56819c4%40%3Ccommits.camel.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9%40%3Ccommits.camel.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a%40%3Ccommits.camel.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79%40%3Cissues.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rb0033c4e9dade1fdf22493314062364ff477e9a8b417f687dc168468%40%3Cissues.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r8988311eb2481fd8a87e69cf17ffb8dc81bfeba5503021537f72db0a%40%3Cissues.activemq.apache.org%3E
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch, Vendor Advisory x_refsource_misc
https://camel.apache.org/security/CVE-2020-11971.html
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r938dc2ded68039ab747f6d7a12153862495d4b38107d3ed111994386%40%3Cissues.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rc907a3d385a9c62416d686608e7241c864be8ef2ac16a3bdb0e33649%40%3Cissues.activemq.apache.org%3E
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2021.html
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuapr2022.html
Scores
CVSS v3
7.5
EPSS
0.0970
EPSS Percentile
93.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (10)
apache/camel
2.22.0 - 3.1.0
oracle/communications_diameter_intelligence_hub
8.0.0 - 8.1.0
oracle/communications_diameter_signaling_router
8.0.0 - 8.2.2
oracle/enterprise_manager_base_platform
13.3.0.0
oracle/enterprise_manager_base_platform
13.4.0.0
oracle/flexcube_private_banking
12.0.0
oracle/flexcube_private_banking
12.1.0
org.apache.camel/camel
0 - 3.2.0 (Maven)
org.apache.camel/camel-core
0 - 3.2.0 (Maven)
org.apache.camel/camel-management
0 - 3.2.0 (Maven)
Published
May 14, 2020
Tracked Since
Feb 18, 2026