Security Bulletin: Multiple vulnerabilities in Apache Camel core affect IBM Application Performance Management products

Summary Apache Camel core is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2014-0002 DESCRIPTION: Apache Camel could allow a remote attacker to obtain sensitive information, caused by an error in t...

com.bluelock:camel-spring-amqp (>=1.5 <=1.6.3), com.catify.bpmn:bpmn-engine-dist-jpa-camel (=1.1) +448 more potentially affected by CVE-2014-0002 via org.apache.camel:camel-core (>=1.0.0 <=2.11.3)

org.apache.camel:camel-core MAVEN version =1.0.0, =1.5, =0.3.4, =0.4.0 - com.github.microon:microon-services-calendar =0.0 - com.github.rmannibucau:camel-loader =0.0.1 - com.github.rmannibucau:diagram-generator-maven-plugin =0.0.1 and more Source cves: CVE-2014-0002 Source advisory:...

at.researchstudio.sat:won-core (>=0.2 <=0.9), at.researchstudio.sat:won-cryptography (>=0.3 <=0.6) +269 more potentially affected by CVE-2014-0002 via org.apache.camel:camel-core (>=2.12.0 <=2.12.2)

org.apache.camel:camel-core MAVEN version =2.12.0, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.4, =0.9 and more Source cves: CVE-2014-0002 Source advisory: OSV:GHSA-2FW5-RVF2-JQ56...

CVE-2014-0002

CVE-2014-0002 affects Apache Camel XSLT component. The vulnerability arises when parsing XML with external entity references, allowing an attacker to read files and potentially perform XXE-based attacks. IBM security bulletins for IBM Application Performance Management (and related Red Hat adviso...

Apache Camel XSLT XML外部实体漏洞(CVE-2014-0002)

CVECAN ID: CVE-2014-0002 Apache Camel是基于已知的企业级集成模式上的开源集成框架。 Apache Camel 2.11.0-2.11.3、Apache Camel 2.12.0-2.12.2版本的XSLT组件用xslt例程转换XML消息时会解析消息内的实体，可以提交消息到xslt例程的远程攻击者可利用此漏洞，读取可访问的运行中应用服务器上的文件，也可能执行其他更高级的XXE攻击。 0 Apache Group Camel 2.12.3 Apache Group Camel 2.11.4 厂商补丁： Apache Group ------------...

Multiple Products XML Public External Entity Information Disclosure (CVE-2013-3617; CVE-2013-4152; CVE-2013-6429; CVE-2014-0002; CVE-2014-0423)

A XML external entity XXE vulnerability exists in multiple products. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the...