Vulnerability Description
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Camel | >= 2.22.0, <= 2.22.5 |
| Oracle | Communications Diameter Signaling Router | >= 8.0.0, <= 8.5.0 |
| Oracle | Enterprise Manager Base Platform | 13.4.0.0 |
| Oracle | Enterprise Repository | 11.1.1.7.0 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf686
- https://www.oracle.com/security-alerts/cpuApr2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujan2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html (Patch, Third Party Advisory)
FAQ
What is CVE-2020-11994?
CVE-2020-11994 is a vulnerability with a CVSS score of 7.5 (HIGH). It is described as Server-Side Template Injection and arbitrary file disclosure on Camel templating components.
How severe is CVE-2020-11994?
CVE-2020-11994 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-11994?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Camel, Oracle Communications Diameter Signaling Router, Oracle Enterprise Manager Base Platform, Oracle Enterprise Repository.