Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to Camel-core (CVE-2020-11971)

Summary Rebind Flaw vulnerability in Camel-core may affect IBM Spectrum Control. CVE-2020-11971. Vulnerability Details CVEID:CVE-2020-11971 DESCRIPTION: Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrad...

Important: Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.33.0 security update & enhancements

Release of OpenShift Serverless Logic 1.33.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

de.ikor.sip.foundation:sip-integration-starter (=3.2.0), de.ikor.sip.foundation:sip-security (=3.2.0) +95 more potentially affected by CVE-2024-22371 via org.apache.camel:camel-core (>=4.0.0 <=4.0.3)

org.apache.camel:camel-core MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.3 a...

com.artnaseef:correlation-id-utils-camel-v4 (=2.4.0), com.garethahealy:camel-parent (>=1.0.2 <=1.0.4) +88 more potentially affected by CVE-2024-22371 via org.apache.camel:camel-core (>=4.1.0 <=4.3.0)

org.apache.camel:camel-core MAVEN version =4.1.0, =1.0.2, =3.3.0, =3.3.0, =3.3.0, =1.10.0, =1.38.0 - io.dscope:dscope-camel-iso20022 =0.2.0 - io.fabric8.examples.fabric-camel-dosgi:camel-route =1.2.0.redhat-133 - io.fabric8.examples.fabric-camel-dosgi:dosgi-service =1.2.0.redhat-133 -...

org.apache.camel.karaf:camel-commands-core (=3.22.0), org.apache.camel.karaf:camel-karaf-commands (=3.22.0) +14 more potentially affected by CVE-2024-22371 via org.apache.camel:camel-core (=3.22.0)

org.apache.camel:camel-core MAVEN version =3.22.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-core and may be impacted: - org.apache.camel.karaf:camel-commands-core =3.22.0 - org.apache.camel.karaf:camel-karaf-commands =3.22....

com.bitbreeds.webrtc:webrtc-example (=0.2.5), com.bitbreeds.webrtc:webrtc-signaling (=0.2.5) +504 more potentially affected by CVE-2024-22371 via org.apache.camel:camel-core (>=3.0.0 <=3.21.3)

org.apache.camel:camel-core MAVEN version =3.0.0, =3.0.0-M1, =3.11.0, =2.0.0, =2.0.0, =3.0.0, =2.3.0, =2.3.0, =2.3.0, =1.44.0-M1, =0.1.0, =0.1.1 and more Source cves: CVE-2024-22371 Source advisory: OSV:GHSA-QPXM-689R-3849...

Security Bulletin: Apache Camel Core vulnerability in IBM Tivoli Monitoring Data Provider (CVE-2020-11971)

Summary IBM Tivoli Monitoring Data provider is vulnerable to Apache Camel Core vulnerabilty CVE-2020-11971 Vulnerability Details CVEID:CVE-2020-11971 DESCRIPTION: Apache Camel could allow a remote attacker to obtain sensitive information, caused by a rebind flaw in JMX. By sending a...

com.catify.bpmn:bpmn-engine-dist-jpa-camel (=1.1), com.catify.bpmn:integration-spi-camel (=1.1) +320 more potentially affected by CVE-2013-4330 via org.apache.camel:camel-core (>=2.10.0 <=2.10.6)

org.apache.camel:camel-core MAVEN version =2.10.0, =0.3.4, =5.8.0-NESS-1, =1.5.1, =1.6.0 and more Source cves: CVE-2013-4330 Source advisory: OSV:GHSA-X9FV-C87W-55WC...

com.bluelock:camel-spring-amqp (>=1.5 <=1.6.1), com.github.jknack:mwa-camel (=0.4.0) +208 more potentially affected by CVE-2013-4330 via org.apache.camel:camel-core (>=2.11.0 <=2.11.1)

org.apache.camel:camel-core MAVEN version =2.11.0, =1.5, =1.0.0, =5.14, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.1 and more Source cves: CVE-2013-4330 Source advisory: OSV:GHSA-X9FV-C87W-55WC...

at.researchstudio.sat:won-core (>=0.2 <=0.9), at.researchstudio.sat:won-cryptography (>=0.3 <=0.6) +2755 more potentially affected by CVE-2013-4330 via org.apache.camel:camel-core (>=1.0.0 <=2.9.6)

org.apache.camel:camel-core MAVEN version =1.0.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.4, =0.9 and more Source cves: CVE-2013-4330 Source advisory: OSV:GHSA-X9FV-C87W-55WC...

org.apache-extras.camel-extra:camel-esper (=2.12.0), org.apache-extras.camel-extra:camel-esper-demo (=2.12.0) +215 more potentially affected by CVE-2013-4330 via org.apache.camel:camel-core (=2.12.0)

org.apache.camel:camel-core MAVEN version =2.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-core and may be impacted: - org.apache-extras.camel-extra:camel-esper =2.12.0 - org.apache-extras.camel-extra:camel-esper-demo...

at.researchstudio.sat:won-core (>=0.2 <=0.9), at.researchstudio.sat:won-cryptography (>=0.3 <=0.6) +3401 more potentially affected by CVE-2020-11971 via org.apache.camel:camel-core (>=1.0.0 <=3.22.4)

org.apache.camel:camel-core MAVEN version =1.0.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.4, =0.9 and more Source cves: CVE-2020-11971 Source advisory: OSV:GHSA-HFG5-XPVW-C9X4...

at.researchstudio.sat:won-core (>=0.2 <=0.9), at.researchstudio.sat:won-cryptography (>=0.3 <=0.6) +2590 more potentially affected by CVE-2019-0188 via org.apache.camel:camel-core (>=1.0.0 <=2.23.4)

org.apache.camel:camel-core MAVEN version =1.0.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.4, =0.9 and more Source cves: CVE-2019-0188 Source advisory: OSV:GHSA-H896-MX9X-G32G...

com.garethahealy.elastawatch:elastic-loader (=6.4.0), com.github.bjuvensjo:rsimulator-camel-direct (>=2.1.2 <=2.1.12) +728 more potentially affected by CVE-2019-0194 via org.apache.camel:camel-core (>=2.22.0 <=2.22.2)

org.apache.camel:camel-core MAVEN version =2.22.0, =2.1.2, =2.1.2, =0.2.1, =0.1, =2.22.0, =2.22.1 - edu.amherst.acdc:acrepo-connector-broadcast =1.2.0 - edu.amherst.acdc:acrepo-connector-idiomatic =1.2.0 - edu.amherst.acdc:acrepo-connector-triplestore =1.2.0 -...

com.github.oscerd:camel-cassandra (=2.23.0), com.playtika.sleuth:sleuth-camel-core (=1.0.2) +664 more potentially affected by CVE-2019-0194 via org.apache.camel:camel-core (=2.23.0)

org.apache.camel:camel-core MAVEN version =2.23.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-core and may be impacted: - com.github.oscerd:camel-cassandra =2.23.0 - com.playtika.sleuth:sleuth-camel-core =1.0.2 -...

com.cognifide.aet:cleaner (>=3.0.0 <=3.2.2), com.cognifide.aet:communication (>=3.0.0 <=3.2.2) +724 more potentially affected by CVE-2019-0194 via org.apache.camel:camel-core (>=2.21.0 <=2.21.4)

org.apache.camel:camel-core MAVEN version =2.21.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =0.1.7, =2.21.0, =0.0.1, =0.1.23, =0.6.0, =0.6.0, =0.6.0, =0.7.0 and more Source cves: CVE-2019-0194 Source advisory: OSV:GHSA-4WJQ-69RC-8WCP...

at.researchstudio.sat:won-core (>=0.2 <=0.9), at.researchstudio.sat:won-cryptography (>=0.3 <=0.6) +269 more potentially affected by CVE-2014-0003 via org.apache.camel:camel-core (>=2.12.0 <=2.12.2)

org.apache.camel:camel-core MAVEN version =2.12.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.4, =0.9 and more Source cves: CVE-2014-0003 Source advisory: OSV:GHSA-H6RP-8V4J-HWPH...

com.bluelock:camel-spring-amqp (>=1.5 <=1.6.3), com.github.jknack:mwa-camel (=0.4.0) +215 more potentially affected by CVE-2014-0003 via org.apache.camel:camel-core (>=2.11.0 <=2.11.3)

org.apache.camel:camel-core MAVEN version =2.11.0, =1.5, =1.5, =1.5, =1.5, =1.5, =1.0.0, =5.14, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.0, =2.11.3 and more Source cves: CVE-2014-0003 Source advisory: OSV:GHSA-H6RP-8V4J-HWPH...

at.researchstudio.sat:won-core (>=0.2 <=0.9), at.researchstudio.sat:won-cryptography (>=0.3 <=0.6) +269 more potentially affected by CVE-2014-0002 via org.apache.camel:camel-core (>=2.12.0 <=2.12.2)

org.apache.camel:camel-core MAVEN version =2.12.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.4, =0.9 and more Source cves: CVE-2014-0002 Source advisory: OSV:GHSA-2FW5-RVF2-JQ56...

com.bluelock:camel-spring-amqp (>=1.5 <=1.6.3), com.catify.bpmn:bpmn-engine-dist-jpa-camel (=1.1) +448 more potentially affected by CVE-2014-0002 via org.apache.camel:camel-core (>=1.0.0 <=2.11.3)

org.apache.camel:camel-core MAVEN version =1.0.0, =1.5, =0.3.4, =0.4.0 - com.github.microon:microon-services-calendar =0.0 - com.github.rmannibucau:camel-loader =0.0.1 - com.github.rmannibucau:diagram-generator-maven-plugin =0.0.1 and more Source cves: CVE-2014-0002 Source advisory:...