CVE-2020-11971

CWE-20 — Improper Input Validation8 documents8 sources

Severity

7.5HIGH

EPSS

9.7%

top 7.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Camel Oracle Communications Diameter Intelligence HUB Oracle Communications Diameter Signaling Router +2 more

Timeline

PublishedMay 14

Latest updateApr 15

Description

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶Mavenorg.apache.camel:camel< 3.2.0

▶Mavenorg.apache.camel:camel-core< 3.2.0

▶Mavenorg.apache.camel:camel-management< 3.2.0

▶NVDapache/camel2.22.0 — 3.1.0

▶CVEListV5apache_camelApache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0

Patches

Patch: www.openwall.com ↗Patch: camel.apache.org ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

Improper Input Validation in Apache Camel↗2021-05-21

▶

OSV

Improper Input Validation in Apache Camel↗2021-05-21

▶

CVEList

CVE-2020-11971: Apache Camel's JMX is vulnerable to Rebind Flaw↗2020-05-14

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Mediation (Apache Camel) — CVE-2020-11971↗2022-04-15

▶

Red Hat

camel: DNS Rebinding in JMX Connector could result in remote command execution↗2020-05-14

▶

Apache

Apache camel: CVE-2020-11971↗

▶

💬Community

Bugzilla

CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution↗2020-06-18

▶