ID

VAR-202009-0277


CVE

CVE-2020-13920


TITLE

Apache ActiveMQ  Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010775

DESCRIPTION

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12. Apache ActiveMQ Contains an authentication vulnerability.Information may be obtained. Apache ActiveMQ is a set of open source message middleware of the Apache Software Foundation in the United States. It supports Java message services, clusters, Spring Framework, etc. effect is a software package for adding image effects. A security vulnerability exists in Apache ActiveMQ 5.15.12. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Fuse 7.9.0 release and security update Advisory ID: RHSA-2021:3140-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2021:3140 Issue date: 2021-08-11 CVE Names: CVE-2017-5645 CVE-2017-18640 CVE-2019-12402 CVE-2019-14887 CVE-2019-16869 CVE-2019-20445 CVE-2020-1695 CVE-2020-1925 CVE-2020-1935 CVE-2020-1938 CVE-2020-5410 CVE-2020-5421 CVE-2020-6950 CVE-2020-9484 CVE-2020-10688 CVE-2020-10693 CVE-2020-10714 CVE-2020-10719 CVE-2020-11996 CVE-2020-13920 CVE-2020-13934 CVE-2020-13935 CVE-2020-13936 CVE-2020-13954 CVE-2020-13956 CVE-2020-14040 CVE-2020-14297 CVE-2020-14338 CVE-2020-14340 CVE-2020-17510 CVE-2020-17518 CVE-2020-25633 CVE-2020-25638 CVE-2020-25640 CVE-2020-25644 CVE-2020-26258 CVE-2020-26945 CVE-2020-27216 CVE-2020-28052 CVE-2021-27807 CVE-2021-27906 CVE-2021-28165 ===================================================================== 1. Summary: A minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hawtio-osgi (CVE-2017-5645) * prometheus-jmx-exporter: snakeyaml (CVE-2017-18640) * apache-commons-compress (CVE-2019-12402) * karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445) * tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996) * spring-cloud-config-server (CVE-2020-5410) * velocity (CVE-2020-13936) * httpclient: apache-httpclient (CVE-2020-13956) * shiro-core: shiro (CVE-2020-17510) * hibernate-core (CVE-2020-25638) * wildfly-openssl (CVE-2020-25644) * jetty (CVE-2020-27216, CVE-2021-28165) * bouncycastle (CVE-2020-28052) * wildfly (CVE-2019-14887, CVE-2020-25640) * resteasy-jaxrs: resteasy (CVE-2020-1695) * camel-olingo4 (CVE-2020-1925) * springframework (CVE-2020-5421) * jsf-impl: Mojarra (CVE-2020-6950) * resteasy (CVE-2020-10688) * hibernate-validator (CVE-2020-10693) * wildfly-elytron (CVE-2020-10714) * undertow (CVE-2020-10719) * activemq (CVE-2020-13920) * cxf-core: cxf (CVE-2020-13954) * fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040) * jboss-ejb-client: wildfly (CVE-2020-14297) * xercesimpl: wildfly (CVE-2020-14338) * xnio (CVE-2020-14340) * flink: apache-flink (CVE-2020-17518) * resteasy-client (CVE-2020-25633) * xstream (CVE-2020-26258) * mybatis (CVE-2020-26945) * pdfbox (CVE-2021-27807, CVE-2021-27906) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.9.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers 1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature 1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack 1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS 1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling 1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack 1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability 1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath 1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file 1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame 5. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYRQVh9zjgjWX9erEAQjAxg/+O0wRNyDejQCX7SWv2Lvo5YZVE9Azv+hd pWFbtNu1cruoiUWY2vqArIH8KmZXWYS/EDQCe4PfIB0wKZfx9dS7y19Ct4swE4Y2 3L0DRVp9YLoqZC3ndVIk3W+RSLEODc5S3IAi6twXlmiZlAwPJXDvcs7aeUAPGc0m 93Y3lZofrpaEnyEVdoUsz0M47mQQYxNJ1nPF9FuUDsOXUqiu18JS9DsuyWwONyKw dPCxfHf3ioI+ymsYjoO+fIcu3dR6lGryvsEFY3dnXePiLlp5NBrRW359K6EQGM/e f1PsXzVYrWMikmxpGaOM7KkoLPAcvtznd4G62ZGUODyAEUKLderr9M7zG88Eg2gG Ycw5D4UkJ+QZB/qHlQJHLrrzuPybGBXSdl2VLTF/m7YZSE9C2yW1ZatyahhdEP3T +MmzU6mnbuPCrYjwL/AgCGx3ap52+2eL5HvDzf7+5plY6MVpHZQb2iiIj6H58P6g ffxr6dGJdDtw5ovzls0Gor4sb69KJ+3xrRLg2C7cndd+3RJc8SCiCRUV9QE2IHTb H3cDXlNbYcqzDxQZNUUO13+GOEgXQLrIJokA3zNXzzYFr2tivmiWF6rKrJ6UnECl 86tpZfh4vcosv3nN6Cg9VAizrMm/84B4L3T4jm/mrN4SGg3CSJqa03r7ig3+oHFX H9jzBVxbmuk= =jp7z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. ========================================================================== Ubuntu Security Notice USN-6910-1 July 23, 2024 activemq vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Apache ActiveMQ. Software Description: - activemq: Java message broker - server Details: Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7559) Peter Stöckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-11775) Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache ActiveMQ incorrectly handled authentication in certain functions. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. A remote attacker could possibly use this issue to acquire unauthenticated access. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. A remote attacker could possibly use this issue to run arbitrary code. (CVE-2022-41678) It was discovered that Apache ActiveMQ incorrectly handled deserialization. A remote attacker could possibly use this issue to run arbitrary shell commands. (CVE-2023-46604) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS activemq 5.16.1-1ubuntu0.1~esm1 Available with Ubuntu Pro libactivemq-java 5.16.1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS activemq 5.15.11-1ubuntu0.1~esm1 Available with Ubuntu Pro libactivemq-java 5.15.11-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS activemq 5.15.8-2~18.04.1~esm1 Available with Ubuntu Pro libactivemq-java 5.15.8-2~18.04.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS activemq 5.13.2+dfsg-2ubuntu0.1~esm1 Available with Ubuntu Pro libactivemq-java 5.13.2+dfsg-2ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6910-1 CVE-2015-7559, CVE-2018-11775, CVE-2020-13920, CVE-2021-26117, CVE-2022-41678, CVE-2023-46604

Trust: 2.16

sources: NVD: CVE-2020-13920 // JVNDB: JVNDB-2020-010775 // VULHUB: VHN-166747 // VULMON: CVE-2020-13920 // PACKETSTORM: 163798 // PACKETSTORM: 163874 // PACKETSTORM: 163872 // PACKETSTORM: 179704

AFFECTED PRODUCTS

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.0.0

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.1.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.2.2

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0

Trust: 1.0

vendor:apachemodel:activemqscope:ltversion:5.15.12

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:apachemodel:activemqscope:eqversion:debian gnu/linux

Trust: 0.8

vendor:apachemodel:activemqscope:eqversion: -

Trust: 0.8

vendor:apachemodel:activemqscope:eqversion:oracle

Trust: 0.8

vendor:apachemodel:activemqscope:eqversion:oracle communications diameter signaling router (dsr)

Trust: 0.8

vendor:apachemodel:activemqscope:eqversion:oracle flexcube private banking

Trust: 0.8

vendor:apachemodel:activemqscope: - version: -

Trust: 0.8

vendor:apachemodel:activemqscope:eqversion:debian

Trust: 0.8

sources: JVNDB: JVNDB-2020-010775 // NVD: CVE-2020-13920

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-13920
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-13920
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202009-681
value: MEDIUM

Trust: 0.6

VULHUB: VHN-166747
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-13920
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-13920
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-166747
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-13920
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-13920
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-166747 // VULMON: CVE-2020-13920 // JVNDB: JVNDB-2020-010775 // CNNVD: CNNVD-202009-681 // NVD: CVE-2020-13920

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:Improper authentication (CWE-287) [NVD Evaluation ]

Trust: 0.8

problemtype:CWE-287

Trust: 0.1

sources: VULHUB: VHN-166747 // JVNDB: JVNDB-2020-010775 // NVD: CVE-2020-13920

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 163798 // PACKETSTORM: 179704 // CNNVD: CNNVD-202009-681

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202009-681

PATCH

title:[SECURITY] [DLA 2400-1] activemq security update Oracle Oracle Critical Patch Updateurl:http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt

Trust: 0.8

title:Apache ActiveMQ effect Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128123

Trust: 0.6

sources: JVNDB: JVNDB-2020-010775 // CNNVD: CNNVD-202009-681

EXTERNAL IDS

db:NVDid:CVE-2020-13920

Trust: 3.0

db:JVNDBid:JVNDB-2020-010775

Trust: 0.8

db:CNNVDid:CNNVD-202009-681

Trust: 0.7

db:PACKETSTORMid:163798

Trust: 0.7

db:PACKETSTORMid:163872

Trust: 0.7

db:AUSCERTid:ESB-2021.2816

Trust: 0.6

db:AUSCERTid:ESB-2021.2731

Trust: 0.6

db:AUSCERTid:ESB-2020.3471

Trust: 0.6

db:CNVDid:CNVD-2020-51793

Trust: 0.1

db:VULHUBid:VHN-166747

Trust: 0.1

db:VULMONid:CVE-2020-13920

Trust: 0.1

db:PACKETSTORMid:163874

Trust: 0.1

db:PACKETSTORMid:179704

Trust: 0.1

sources: VULHUB: VHN-166747 // VULMON: CVE-2020-13920 // JVNDB: JVNDB-2020-010775 // PACKETSTORM: 163798 // PACKETSTORM: 163874 // PACKETSTORM: 163872 // PACKETSTORM: 179704 // CNNVD: CNNVD-202009-681 // NVD: CVE-2020-13920

REFERENCES

url:http://activemq.apache.org/security-advisories.data/cve-2020-13920-announcement.txt

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-13920

Trust: 1.8

url:https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3ccommits.activemq.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3ccommits.activemq.apache.org%3e

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html

Trust: 1.0

url:https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3ccommits.activemq.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3ccommits.activemq.apache.org%3e

Trust: 0.8

url:https://vigilance.fr/vulnerability/apache-activemq-privilege-escalation-via-locateregistry-createregistry-33504

Trust: 0.6

url:https://packetstormsecurity.com/files/163872/red-hat-security-advisory-2021-3205-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-activemq-affects-ibm-sterling-secure-proxy-cve-2020-13920/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2731

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-apache-activemq-vulnerability-affects-ibm-control-center-cve-2020-13920/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-activemq-affect-ibm-operations-analytics-predictive-insights-cve-2020-11998-cve-2020-13920/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3471/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2816

Trust: 0.6

url:https://packetstormsecurity.com/files/163798/red-hat-security-advisory-2021-3140-01.html

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2020-13920

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-17518

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-17518

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-27807

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27906

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-28052

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20218

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-29582

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27222

Trust: 0.2

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=red.hat.integration&version=2021-q3

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-17521

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-17521

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27222

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-27782

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-29582

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-26238

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-27782

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-26238

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/oss-sec/2020/q3/167

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13936

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-17510

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13956

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14338

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13954

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-18640

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3140

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5410

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13934

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27216

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10688

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14887

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9484

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14297

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-5645

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14338

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10693

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1695

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11996

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12402

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12402

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13954

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25638

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-5645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14340

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.9.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14297

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-17510

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11996

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16869

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14340

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25633

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16869

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-18640

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26945

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25644

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13936

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5421

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10693

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10688

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1695

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14887

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10714

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3207

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q3/html-single/getting_started_with_camel_quarkus_extensions/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27906

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-30468

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27807

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_integration/2021.q3/html/getting_started_with_camel_k/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28052

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-46604

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26117

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-11775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2015-7559

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6910-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-41678

Trust: 0.1

sources: VULHUB: VHN-166747 // VULMON: CVE-2020-13920 // JVNDB: JVNDB-2020-010775 // PACKETSTORM: 163798 // PACKETSTORM: 163874 // PACKETSTORM: 163872 // PACKETSTORM: 179704 // CNNVD: CNNVD-202009-681 // NVD: CVE-2020-13920

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 163798 // PACKETSTORM: 163874 // PACKETSTORM: 163872

SOURCES

db:VULHUBid:VHN-166747
db:VULMONid:CVE-2020-13920
db:JVNDBid:JVNDB-2020-010775
db:PACKETSTORMid:163798
db:PACKETSTORMid:163874
db:PACKETSTORMid:163872
db:PACKETSTORMid:179704
db:CNNVDid:CNNVD-202009-681
db:NVDid:CVE-2020-13920

LAST UPDATE DATE

2024-08-14T13:15:58.207000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-166747date:2021-07-21T00:00:00
db:VULMONid:CVE-2020-13920date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-010775date:2021-02-04T05:14:00
db:CNNVDid:CNNVD-202009-681date:2021-08-20T00:00:00
db:NVDid:CVE-2020-13920date:2023-11-20T22:15:06.783

SOURCES RELEASE DATE

db:VULHUBid:VHN-166747date:2020-09-10T00:00:00
db:VULMONid:CVE-2020-13920date:2020-09-10T00:00:00
db:JVNDBid:JVNDB-2020-010775date:2021-02-04T00:00:00
db:PACKETSTORMid:163798date:2021-08-12T15:42:56
db:PACKETSTORMid:163874date:2021-08-18T15:25:13
db:PACKETSTORMid:163872date:2021-08-18T15:23:11
db:PACKETSTORMid:179704date:2024-07-24T13:35:55
db:CNNVDid:CNNVD-202009-681date:2020-09-10T00:00:00
db:NVDid:CVE-2020-13920date:2020-09-10T19:15:13.160