Lucene search

Veracode Vulnerability DatabaseVERACODE:25442

HistoryMay 15, 2020 - 7:15 a.m.

JMX Rebind Flaw

2020-05-1507:15:35

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

camel-main is vulnerable to JMX rebind. The vulnerability exists due to the lack of security on JMX connector configuration.

CPENameOperatorVersion
camel :: mainle3.1.0
camel :: managementle3.1.0
camel :: apile3.1.0
camel :: core xmlle3.1.0
camel :: management apile3.1.0
camel :: mainle3.1.0
camel :: managementle3.1.0
camel :: apile3.1.0
camel :: core xmlle3.1.0
camel :: management apile3.1.0

Name	Operator	Version
camel :: main	le	3.1.0
camel :: management	le	3.1.0
camel :: api	le	3.1.0
camel :: core xml	le	3.1.0
camel :: management api	le	3.1.0
camel :: main	le	3.1.0
camel :: management	le	3.1.0
camel :: api	le	3.1.0
camel :: core xml	le	3.1.0
camel :: management api	le	3.1.0

References

www.openwall.com/lists/oss-security/2020/05/14/7

camel.apache.org/security/CVE-2020-11971.html

github.com/apache/camel/commit/36b55f9cfa50a2056c70f98d66c29a95ddc724e1

github.com/apache/camel/pull/3692

issues.apache.org/jira/browse/CAMEL-14742

issues.apache.org/jira/browse/CAMEL-14811

lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9@%3Ccommits.camel.apache.org%3E

lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a@%3Ccommits.camel.apache.org%3E

lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3Cusers.activemq.apache.org%3E

lists.apache.org/thread.html/r7968b5086e861da2cf635a7b215e465ce9912d5f16c683b8e56819c4@%3Ccommits.camel.apache.org%3E

lists.apache.org/thread.html/r8988311eb2481fd8a87e69cf17ffb8dc81bfeba5503021537f72db0a@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r938dc2ded68039ab747f6d7a12153862495d4b38107d3ed111994386@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882@%3Cusers.activemq.apache.org%3E

lists.apache.org/thread.html/rb0033c4e9dade1fdf22493314062364ff477e9a8b417f687dc168468@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/rc907a3d385a9c62416d686608e7241c864be8ef2ac16a3bdb0e33649@%3Cissues.activemq.apache.org%3E

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpuoct2020.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:25442