Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2019-0188

CVE information

Published

3 years ago

Last Modified

1 year ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

High

Impact Analysis

Description

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed..

CVSSv2.0 Score

Severity
Medium
Base Score
5/10
Exploit Score
10/10
Access Vector
Network
Access Complexity
Low
Authentication Required
None
Impact Score
2.9/10
Confidentiality Impact
Partial
Availability Impact
None
Integrity Impact
None

CVSSv3.1 Score

Severity
High
Base Score
7.5/10
Exploit Score
3.9/10
Access Vector
Network
Access Complexity
Low
Privileges Required
None
Impact Score
3.6/10
Confidentiality Impact
High
Availability Impact
None
Integrity Impact
None
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
  Yes
- 2.24.0
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*
  Yes
- -
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*
  Yes
- -
cpe:2.3:a:oracle:enterprise_data_quality:11.1.1.9.0:*:*:*:*:
  Yes
- -
cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:
  Yes
- -