CVE-2020-11971 - Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0

CVE-2020-11971

Summary

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

References

Vulnerable Configurations

cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.22.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.23.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.23.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.23.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.23.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.23.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.23.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.23.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.23.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.23.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.23.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.24.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.24.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.24.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.24.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.24.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.24.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.24.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.24.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.25.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.25.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.25.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.25.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.25.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.25.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.25.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.25.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.25.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.25.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 12-05-2022 - 15:00)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

misc

mlist

[activemq-issues] 20200601 [jira] [Created] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0
[activemq-issues] 20200622 [jira] [Assigned] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0
[activemq-issues] 20200622 [jira] [Commented] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0
[activemq-issues] 20201122 [jira] [Commented] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0
[activemq-issues] 20201122 [jira] [Updated] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 2.25.2
[camel-commits] 20200522 [camel-website] 01/02: CVE-2020-11971 - Amend the fix version
[camel-commits] 20200522 [camel-website] 02/02: CVE-2020-11971 - Amended fix version
[camel-commits] 20200522 [camel-website] branch CVE-2020-11971-amend created (now 2a753f7)
[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11971 released for Apache Camel

Last major update

12-05-2022 - 15:00

Published

14-05-2020 - 17:15

Last modified

12-05-2022 - 15:00