ID

VAR-202007-1429


CVE

CVE-2020-11994


TITLE

Camel Injection vulnerabilities in template components

Trust: 0.8

sources: JVNDB: JVNDB-2020-007676

DESCRIPTION

Server-Side Template Injection and arbitrary file disclosure on Camel templating components. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Tomcat is a lightweight web application server developed by the Apache Software Foundation. The program implements support for Servlet and JavaServer Page (JSP). A security vulnerability exists in Apache Tomcat. An attacker could exploit this vulnerability to access or modify information associated with the web application. The following products and versions are affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, 7.0.0 to 7.0.75.

The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Security Fix(es):

* libquartz: XXE attacks via job description (CVE-2019-13990)
* jetty: double release of resource can lead to information disclosure (CVE-2019-17638)
* keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714)
* springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740)
* camel: RabbitMQ enables Java deserialization by default which could lead to remote code execution (CVE-2020-11972)
* camel: Netty enables Java deserialization by default which could lead to remote code execution (CVE-2020-11973)
* shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass (CVE-2020-11989)
* camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994)
* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)
* shiro: specially crafted HTTP request may cause an authentication bypass (CVE-2020-13933)
* RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)
* jackson-modules-java8: DoS due to an Improper Input Validation (CVE-2018-1000873)
* thrift: Endless loop when fed with specific input data (CVE-2019-0205)
* thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
* mysql-connector-java: privilege escalation in MySQL connector (CVE-2019-2692)
* spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3773)
* spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3774)
* codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library (CVE-2019-11777)
* cxf: does not restrict the number of message attachments (CVE-2019-12406)
* cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423)
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343)
* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* apache-flink: JMX information disclosure vulnerability (CVE-2020-1960)
* cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226)
* tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers (CVE-2020-9489)
* dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* camel: DNS Rebinding in JMX Connector could result in remote command execution (CVE-2020-11971)
* karaf: A remote client could create MBeans from arbitrary URLs (CVE-2020-11980)
* tika: excessive memory usage in PSDParser (CVE-2020-1950)
* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bugs fixed (https://bugzilla.redhat.com/):

1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector
1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution
1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS
1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
1764612 - CVE-2019-0205 thrift: Endless loop when fed with specific input data
1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId
1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application
1801149 - CVE-2019-13990 libquartz: XXE attacks via job description
1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation
1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments
1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability
1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution
1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could lead to remote code execution
1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could lead to remote code execution
1848617 - CVE-2019-17566 batik: SSRF via "xlink:href"
1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers
1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass
1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs
1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components
1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS
1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure
1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass
1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library

Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R17 security and bug fix update
Advisory ID: RHSA-2020:3587-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3587
Issue date: 2020-09-01
CVE Names: CVE-2019-9827 CVE-2019-10086 CVE-2020-11994

1. Summary:

An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.

Security fix(es):

* commons-beanutils: apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086)
* Camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994)
* hawtio: server side request forgery via initial /proxy/ substring of a URI (CVE-2019-9827)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update).

4. References:

https://access.redhat.com/security/cve/CVE-2019-9827
https://access.redhat.com/security/cve/CVE-2019-10086
https://access.redhat.com/security/cve/CVE-2020-11994
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Trust: 2.52

sources: NVD: CVE-2020-11994 // JVNDB: JVNDB-2020-007676 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-164628 // VULMON: CVE-2020-11994 // PACKETSTORM: 160562 // PACKETSTORM: 159023

AFFECTED PRODUCTS

vendor: apache, model: camel, scope: eq, version: 2.25.1

Trust: 1.0

vendor: apache, model: camel, scope: lte, version: 2.23.4

Trust: 1.0

vendor: apache, model: camel, scope: gte, version: 2.22.0

Trust: 1.0

vendor: apache, model: camel, scope: eq, version: 2.25.0

Trust: 1.0

vendor: apache, model: camel, scope: lte, version: 2.24.3

Trust: 1.0

vendor: oracle, model: enterprise manager base platform, scope: eq, version: 13.4.0.0

Trust: 1.0

vendor: apache, model: camel, scope: lte, version: 2.22.5

Trust: 1.0

vendor: apache, model: camel, scope: gte, version: 2.23.0

Trust: 1.0

vendor: oracle, model: communications diameter signaling router, scope: lte, version: 8.5.0

Trust: 1.0

vendor: oracle, model: communications diameter signaling router, scope: gte, version: 8.0.0

Trust: 1.0

vendor: apache, model: camel, scope: gte, version: 2.24.0

Trust: 1.0

vendor: oracle, model: enterprise repository, scope: eq, version: 11.1.1.7.0

Trust: 1.0

vendor: apache, model: camel, scope: lte, version: 3.3.0

Trust: 1.0

vendor: apache, model: camel, scope: gte, version: 3.0.0

Trust: 1.0

vendor: apache, model: camel, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-007676 // NVD: CVE-2020-11994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11994
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-007676
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202007-381
value: HIGH

Trust: 0.6

VULHUB: VHN-164628
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-11994
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-11994
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007676
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-164628
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-11994
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007676
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-164628 // VULMON: CVE-2020-11994 // JVNDB: JVNDB-2020-007676 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202007-381 // NVD: CVE-2020-11994

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.9

sources: VULHUB: VHN-164628 // JVNDB: JVNDB-2020-007676 // NVD: CVE-2020-11994

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 160562 // CNNVD: CNNVD-202007-381

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007676

PATCH

title: [SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure
url: https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E

Trust: 0.8

title: Apache Tomcat Repair measures for injecting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124081

Trust: 0.6

title: Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R17 security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203587 - Security Advisory

Trust: 0.1

title: Red Hat: Important: Red Hat Fuse 7.8.0 release and security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205568 - Security Advisory

Trust: 0.1

sources: VULMON: CVE-2020-11994 // JVNDB: JVNDB-2020-007676 // CNNVD: CNNVD-202007-381

EXTERNAL IDS

db: NVD, id: CVE-2020-11994

Trust: 2.8

db: PACKETSTORM, id: 160562

Trust: 0.8

db: PACKETSTORM, id: 159023

Trust: 0.8

db: OPENWALL, id: OSS-SECURITY/2020/05/14/9

Trust: 0.8

db: JVNDB, id: JVNDB-2020-007676

Trust: 0.8

db: CNNVD, id: CNNVD-202007-381

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2020.2999

Trust: 0.6

db: AUSCERT, id: ESB-2020.4464

Trust: 0.6

db: CS-HELP, id: SB2021042519

Trust: 0.6

db: NSFOCUS, id: 49524

Trust: 0.6

db: CNVD, id: CNVD-2020-46232

Trust: 0.1

db: VULHUB, id: VHN-164628

Trust: 0.1

db: VULMON, id: CVE-2020-11994

Trust: 0.1

sources: VULHUB: VHN-164628 // VULMON: CVE-2020-11994 // JVNDB: JVNDB-2020-007676 // PACKETSTORM: 160562 // PACKETSTORM: 159023 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202007-381 // NVD: CVE-2020-11994

REFERENCES

url:https://www.oracle.com/security-alerts/cpujan2021.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-11994

Trust: 1.6

url:https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3cannounce.tomcat.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3cannounce.tomcat.apache.org%3e

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11994

Trust: 0.8

url:https://www.openwall.com/lists/oss-security/2020/05/14/9

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49524

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2999/

Trust: 0.6

url:https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-january-2021-34371

Trust: 0.6

url:https://packetstormsecurity.com/files/160562/red-hat-security-advisory-2020-5568-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4464/

Trust: 0.6

url:https://packetstormsecurity.com/files/159023/red-hat-security-advisory-2020-3587-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042519

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2020:3587

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-11994

Trust: 0.2

url:https://bugzilla.redhat.com/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1719

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.8.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11972

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2692

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9488

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000873

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11989

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10740

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11980

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11972

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11989

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0210

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11980

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1960

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1393

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11971

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000873

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7226

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14900

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0210

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10683

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13692

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10683

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5398

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14900

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13933

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12423

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3774

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10740

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17638

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12423

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17638

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19343

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11971

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19343

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5568

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3773

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0205

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9827

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker&downloadtype=securitypatches&version=6.3.0

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse&downloadtype=securitypatches&version=6.3

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9827

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10086

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10086

Trust: 0.1

sources: VULHUB: VHN-164628 // VULMON: CVE-2020-11994 // JVNDB: JVNDB-2020-007676 // PACKETSTORM: 160562 // PACKETSTORM: 159023 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202007-381 // NVD: CVE-2020-11994

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 160562 // PACKETSTORM: 159023 // CNNVD: CNNVD-202007-381

SOURCES

db: VULHUB, id: VHN-164628
db: VULMON, id: CVE-2020-11994
db: JVNDB, id: JVNDB-2020-007676
db: PACKETSTORM, id: 160562
db: PACKETSTORM, id: 159023
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202007-381
db: NVD, id: CVE-2020-11994

LAST UPDATE DATE

2024-11-23T20:45:54.785000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-164628, date: 2022-04-01T00:00:00
db: VULMON, id: CVE-2020-11994, date: 2021-01-20T00:00:00
db: JVNDB, id: JVNDB-2020-007676, date: 2020-08-21T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202007-381, date: 2022-03-01T00:00:00
db: NVD, id: CVE-2020-11994, date: 2024-11-21T04:59:04.400

SOURCES RELEASE DATE

db: VULHUB, id: VHN-164628, date: 2020-07-08T00:00:00
db: VULMON, id: CVE-2020-11994, date: 2020-07-08T00:00:00
db: JVNDB, id: JVNDB-2020-007676, date: 2020-08-21T00:00:00
db: PACKETSTORM, id: 160562, date: 2020-12-16T18:17:52
db: PACKETSTORM, id: 159023, date: 2020-09-01T15:37:46
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202007-381, date: 2020-07-08T00:00:00
db: NVD, id: CVE-2020-11994, date: 2020-07-08T16:15:11.010