Lucene search

[email protected]CVE-2020-11994

HistoryJul 08, 2020 - 4:15 p.m.

CVE-2020-11994

2020-07-0816:15:00

CWE-74

[email protected]

web.nvd.nist.gov

cve-2020-11994

server-side template injection

arbitrary file disclosure

camel templating components

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.7%

JSON

Server-Side Template Injection and arbitrary file disclosure on Camel templating components

CPENameOperatorVersion
apache:camelapache camelle2.22.5
apache:camelapache camelle2.23.4
apache:camelapache camelle2.24.3
apache:camelapache cameleq2.25.0
apache:camelapache cameleq2.25.1
apache:camelapache camelle3.3.0
oracle:enterprise_repositoryoracle enterprise repositoryeq11.1.1.7.0
oracle:enterprise_manager_base_platformoracle enterprise manager base platformeq13.4.0.0
oracle:communications_diameter_signaling_routeroracle communications diameter signaling routerle8.5.0

CPE	Name	Operator	Version
apache:camel	apache camel	le	2.22.5
apache:camel	apache camel	le	2.23.4
apache:camel	apache camel	le	2.24.3
apache:camel	apache camel	eq	2.25.0
apache:camel	apache camel	eq	2.25.1
apache:camel	apache camel	le	3.3.0
oracle:enterprise_repository	oracle enterprise repository	eq	11.1.1.7.0
oracle:enterprise_manager_base_platform	oracle enterprise manager base platform	eq	13.4.0.0
oracle:communications_diameter_signaling_router	oracle communications diameter signaling router	le	8.5.0