CVE-2020-11972
CRITICAL
Apache Camel < 2.25.0 - Insecure Deserialization
Title source: ruleDescription
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
References (5)
Scores
CVSS v3: 9.8
EPSS: 0.0839
EPSS Percentile: 92.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE: CWE-502
Status: published
Affected Products (7)
apache/camel: < 2.25.0
oracle/communications_diameter_signaling_router: < 8.2.2
oracle/enterprise_manager_base_platform
oracle/enterprise_manager_base_platform
oracle/flexcube_private_banking
oracle/flexcube_private_banking
org.apache.camel/camel-rabbitmq: < 2.25.1 (Maven)
Timeline
Published: May 14, 2020
Tracked Since: Feb 18, 2026