VDB
CVE-2024-23114
CVE-2024-23114
PUBLISHED
In Apache Camel existieren mehrere Schwachstellen. Das Camel-SQL AggregationRepository und das Camel-CassandraQL AggregationRepository sind gegen eine unsichere Deserialisierung anfällig. Ein Angreifer kann diese Schwachstelle ausnutzen, um bösartige Nutzdaten zu deserialisieren.
EPSS 1.35% · 80.4th percentile
Risk Scores
EPSS Score
1.35%
80.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Integration Camel K 1 | |
| Apache | Apache Camel <4.4.0 | |
| Apache | Apache Camel <3.21.4 | |
| Apache | Apache Camel <4.0.4 | |
| Apache | Apache Camel <3.22.1 |
Exploit Intelligence
- CIRCL seen: CVE-2024-23114 (circl-sighting)
- CIRCL seen: CVE-2024-23114 (circl-sighting)
- CIRCL seen: CVE-2024-23114 (circl-sighting)
- CIRCL seen: CVE-2024-23114 (circl-sighting)
- https://camel.apache.org/security/CVE-2024-23114.html (circl)
Timeline
- Feb 18, 2024 CVE Published
- Feb 20, 2024 PoC Published
- Feb 20, 2024 PoC Published
- Feb 21, 2024 EPSS Score
- Feb 21, 2024 PoC Published
- Mar 8, 2024 PoC Published
- Mar 19, 2024 EPSS Score
- Apr 15, 2024 EPSS Score
- Jun 7, 2024 EPSS Score
- Jul 4, 2024 EPSS Score
- Jul 31, 2024 EPSS Score
- Aug 27, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0418.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0418 advisory
- https://camel.apache.org/security/CVE-2024-22369.htm advisory
- https://camel.apache.org/security/CVE-2024-23114.html advisory
- https://access.redhat.com/errata/RHSA-2024:8339 advisory