CVE-2024-52007
PUBLISHED
Multiple vulnerabilities exist in Apache Camel for Spring Boot. These flaws stem from improper handling of XML entities and transformations in the Fast Healthcare Interoperability Resources (HAPI FHIR) component. A remote, anonymous attacker can exploit these vulnerabilities to execute arbitrary code or access confidential information.
EPSS 0.33% · 55.8th percentile
Risk Scores
EPSS Score
0.33%
55.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache Camel | <4.4.4 |
| Red Hat | Red Hat Enterprise Linux | |
Exploit Intelligence
- https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-gr3c-q7xf-47vh (circl)
- https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-6cr6-ph3p-f5rf (circl)
- https://github.com/hapifhir/org.hl7.fhir.core/issues/1571 (circl)
- https://github.com/hapifhir/org.hl7.fhir.core/pull/1717 (circl)
- https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j (circl)
- https://cwe.mitre.org/data/definitions/611.html (circl)
- https://github.com/JAckLosingHeart/CVE-2024-51132-POC (certbund)
Timeline
- Jan 20, 1970 Fix PR Merged
- Jan 21, 1970 Security Advisory
- Nov 8, 2024 CVE Published
- Nov 9, 2024 EPSS Score
- Nov 9, 2024 Coalition ESS Score
- Nov 12, 2024 Coalition ESS Score
- Nov 12, 2024 CVE Updated
- Nov 27, 2024 EPSS Score
- Dec 16, 2024 EPSS Score
- Jan 2, 2025 EPSS Score
- Jan 20, 2025 EPSS Score
- Feb 7, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3485.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3485 advisory
- https://access.redhat.com/errata/RHSA-2024:9806 advisory
- https://github.com/JAckLosingHeart/CVE-2024-51132-POC exploit
- https://access.redhat.com/errata/RHSA-2024:10035 advisory