A safety alert issued for Apache Camel has obtained an replace from BSI. You can learn an outline of the safety hole together with the newest updates and details about affected working techniques and merchandise right here.
Federal workplace for Security in Information Technology (BSI) issued an replace on May 23, 2024 for the Apache Camel safety vulnerability recognized on November 30, 2023. The safety vulnerability impacts the Linux working system and the merchandise Red Hat Enterprise Linux, Red Hat Integration, IBM Security Guardum, Apache Camel, Atlassian Confluence and IBM App Connect Enterprise.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability may be discovered right here: Red Hat Security Advisory RHSA-2024:3354 (From 24 May 2024). Some helpful hyperlinks are listed later on this article.
Apache Camel Security Advisory – Risk: Medium
Risk degree: 3 (average)
CVSS Base Score: 7.5
CVSS provisional rating: 6.5
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc techniques. The CVSS commonplace makes it potential to check potential or precise safety dangers primarily based on numerous metrics to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For non permanent impact, body situations which will change over time are thought-about within the take a look at. According to CVSS, the chance of the vulnerability talked about right here is rated as “average” with 7.5 foundation factors.
Apache Camel Bug: Multiple vulnerabilities enable denial of service
Apache Camel is an integration framework that makes use of Enterprise Integration patterns.
A distant, unknown attacker may exploit a number of vulnerabilities in Apache Camel to trigger a denial of service situation.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) ID numbers. CVE-2023-39410 and CVE-2023-5072 on the market.
Systems affected by the safety hole at a look
working system
Linux
Products
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Camel Extensions for Quarkus Red Hat Integration 1 (cpe:/a:redhat:integration)
IBM Security Guardium (cpe:/a:ibm:security_guardium)
Apache Camel Red Hat Integration Camel Ok 1 (cpe:/a:redhat:integration)
Atlassian Confluence Atlassian Confluence Atlassian Confluence IBM App Connect Enterprise (cpe:/a:ibm:app_connect_enterprise)
Atlassian Confluence
Common steps to handle IT safety gaps
- Users of affected techniques ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically accommodates further details about the newest model of the software program in query and the provision of safety patches or efficiency ideas.
- If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to examine each time a producing firm makes a brand new safety replace out there.
Sources for updates, patches and workarounds
Here you can find some hyperlinks with details about bug reviews, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3354 vom 2024-05-24 (23.05.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:1353 vom 2024-03-18 (17.03.2024)
For extra data, see:
Atlassian Security Bulletin February 2024 (20.02.2024)
For extra data, see:
IBM Security Bulletin 7114471 vom 2024-02-02 (04.02.2024)
For extra data, see:
IBM Security Bulletin 7107825 vom 2024-01-16 (16.01.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2024:0148 vom 2024-01-10 (10.01.2024)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7842 vom 2023-12-14 (14.12.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7845 vom 2023-12-15 (14.12.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7705 vom 2023-12-08 (07.12.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7639 vom 2023-12-05 (04.12.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7641 vom 2023-12-05 (04.12.2023)
For extra data, see:
Red Hat Security Advisory RHSA-2023:7638 vom 2023-12-05 (04.12.2023)
For extra data, see:
Security Advisory vom 2023-11-30 (30.11.2023)
For extra data, see:
Version historical past of this safety alert
This is model 10 of this Apache Camel IT safety discover. If additional updates are introduced, this doc will probably be up to date. You can examine modifications or additions on this model historical past.
November 30, 2023 – First model
12/04/2023 – New updates from Red Hat added
12/07/2023 – New updates from Red Hat added
12/14/2023 – New updates from Red Hat added
01/10/2024 – New updates from Red Hat added
01/16/2024 – New updates from IBM added
02/04/2024 – New updates from IBM added
02/20/2024 – New updates added
03/17/2024 – New updates from Red Hat have been added
05/23/2024 – New updates from Red Hat added
+++ Editorial be aware: This doc is predicated on present BSI knowledge and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you might be right here Facebook, Twitter, Pinterest once more YouTube? Here you can find scorching information, present movies and a direct line to the editorial staff.
kns/roj/information.de