WID-SEC-W-2024-3180
Vulnerability from csaf_certbund - Published: 2024-10-14 22:00 - Updated: 2025-11-18 23:00Summary
Apache Camel und mehrere Red Hat Produkte: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.
JBoss A-MQ ist eine Messaging-Plattform.
JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Red Hat JBoss Data Grid ist eine verteilte In-Memory-Datenbank für den schnellen Zugriff auf große Datenvolumen und Skalierbarkeit.
Angriff: Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Apache Camel und in mehreren Red Hat-Produkten ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben und beliebigen Code auszuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.\r\nJBoss A-MQ ist eine Messaging-Plattform.\r\nJBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.\r\nRed Hat JBoss Data Grid ist eine verteilte In-Memory-Datenbank f\u00fcr den schnellen Zugriff auf gro\u00dfe Datenvolumen und Skalierbarkeit.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Apache Camel und in mehreren Red Hat-Produkten ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen preiszugeben und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3180 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3180.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3180 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3180"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8064"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8339 vom 2024-10-22",
"url": "https://access.redhat.com/errata/RHSA-2024:8339"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7174634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8824 vom 2024-11-04",
"url": "https://access.redhat.com/errata/RHSA-2024:8824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8823 vom 2024-11-04",
"url": "https://access.redhat.com/errata/RHSA-2024:8823"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8826 vom 2024-11-04",
"url": "https://access.redhat.com/errata/RHSA-2024:8826"
},
{
"category": "external",
"summary": "Atlassian November 2024 Security Bulletin vom 2024-11-19",
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1456179091"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11023 vom 2024-12-12",
"url": "https://access.redhat.com/errata/RHSA-2024:11023"
},
{
"category": "external",
"summary": "Atlassian Security Advisory JSWSERVER-26273 vom 2025-01-21",
"url": "https://confluence.atlassian.com/security/security-bulletin-january-21-2025-1489803942.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7183676 vom 2025-02-27",
"url": "https://www.ibm.com/support/pages/node/7183676"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:2416 vom 2025-03-05",
"url": "https://access.redhat.com/errata/RHSA-2025:2416"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7248128 vom 2025-10-16",
"url": "https://www.ibm.com/support/pages/node/7248128"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
}
],
"source_lang": "en-US",
"title": "Apache Camel und mehrere Red Hat Produkte: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-18T23:00:00.000+00:00",
"generator": {
"date": "2025-11-19T09:42:53.264+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-3180",
"initial_release_date": "2024-10-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-11-04T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-12-12T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-21T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Atlassian aufgenommen"
},
{
"date": "2025-02-27T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-03-05T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-03-20T23:00:00.000+00:00",
"number": "10",
"summary": "Produktzuordnung Atlassian Jira korrigiert"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.4.3",
"product": {
"name": "Apache Camel \u003c4.4.3",
"product_id": "T038353"
}
},
{
"category": "product_version",
"name": "4.4.3",
"product": {
"name": "Apache Camel 4.4.3",
"product_id": "T038353-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.4.3"
}
}
}
],
"category": "product_name",
"name": "Camel"
}
],
"category": "vendor",
"name": "Apache"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.3",
"product": {
"name": "Atlassian Bamboo \u003c10.0.3",
"product_id": "T039274"
}
},
{
"category": "product_version",
"name": "10.0.3",
"product": {
"name": "Atlassian Bamboo 10.0.3",
"product_id": "T039274-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.0.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.6.8",
"product": {
"name": "Atlassian Bamboo \u003c9.6.8",
"product_id": "T039275"
}
},
{
"category": "product_version",
"name": "9.6.8",
"product": {
"name": "Atlassian Bamboo 9.6.8",
"product_id": "T039275-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.6.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.20",
"product": {
"name": "Atlassian Bamboo \u003c9.2.20",
"product_id": "T039276"
}
},
{
"category": "product_version",
"name": "9.2.20",
"product": {
"name": "Atlassian Bamboo 9.2.20",
"product_id": "T039276-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:9.2.20"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.0.2",
"product_id": "T048675"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Bitbucket 10.0.2",
"product_id": "T048675-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c8.19.25 (LTS)",
"product_id": "T048676"
}
},
{
"category": "product_version",
"name": "8.19.25 (LTS)",
"product": {
"name": "Atlassian Bitbucket 8.19.25 (LTS)",
"product_id": "T048676-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:8.19.25_%28lts%29"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.13 (LTS)",
"product_id": "T048677"
}
},
{
"category": "product_version",
"name": "9.4.13 (LTS)",
"product": {
"name": "Atlassian Bitbucket 9.4.13 (LTS)",
"product_id": "T048677-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.13_%28lts%29"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.17.5",
"product": {
"name": "Atlassian Jira Data Center and Server \u003c9.17.5",
"product_id": "T040542"
}
},
{
"category": "product_version",
"name": "Data Center and Server 9.17.5",
"product": {
"name": "Atlassian Jira Data Center and Server 9.17.5",
"product_id": "T040542-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center_and_server__9.17.5"
}
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c10.3.1",
"product": {
"name": "Atlassian Jira Data Center and Server \u003c10.3.1",
"product_id": "T042108"
}
},
{
"category": "product_version",
"name": "Data Center and Server 10.3.1",
"product": {
"name": "Atlassian Jira Data Center and Server 10.3.1",
"product_id": "T042108-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center_and_server__10.3.1"
}
}
},
{
"category": "product_version_range",
"name": "Data Center and Server \u003c9.12.15 (LTS)",
"product": {
"name": "Atlassian Jira Data Center and Server \u003c9.12.15 (LTS)",
"product_id": "T042109"
}
},
{
"category": "product_version",
"name": "Data Center and Server 9.12.15 (LTS)",
"product": {
"name": "Atlassian Jira Data Center and Server 9.12.15 (LTS)",
"product_id": "T042109-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center_and_server__9.12.15_%2528lts%2529"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.0.4 IF2",
"product": {
"name": "IBM Cognos Analytics \u003c12.0.4 IF2",
"product_id": "T041469"
}
},
{
"category": "product_version",
"name": "12.0.4 IF2",
"product": {
"name": "IBM Cognos Analytics 12.0.4 IF2",
"product_id": "T041469-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:cognos_analytics:12.0.4_if2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.2.4 IF4",
"product": {
"name": "IBM Cognos Analytics \u003c11.2.4 IF4",
"product_id": "T041470"
}
},
{
"category": "product_version",
"name": "11.2.4 IF4",
"product": {
"name": "IBM Cognos Analytics 11.2.4 IF4",
"product_id": "T041470-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:cognos_analytics:11.2.4_if4"
}
}
}
],
"category": "product_name",
"name": "Cognos Analytics"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP10 IF01",
"product_id": "T038741"
}
},
{
"category": "product_version",
"name": "7.5.0 UP10 IF01",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP10 IF01",
"product_id": "T038741-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Camel K 1",
"product": {
"name": "Red Hat Integration Camel K 1",
"product_id": "T031972",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:camel_k_1"
}
}
}
],
"category": "product_name",
"name": "Integration"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss A-MQ",
"product": {
"name": "Red Hat JBoss A-MQ",
"product_id": "T038357",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:-"
}
}
},
{
"category": "product_version",
"name": "Streams 2",
"product": {
"name": "Red Hat JBoss A-MQ Streams 2",
"product_id": "T041596",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:streams_2"
}
}
}
],
"category": "product_name",
"name": "JBoss A-MQ"
},
{
"category": "product_name",
"name": "Red Hat JBoss Data Grid",
"product": {
"name": "Red Hat JBoss Data Grid",
"product_id": "T038358",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Quarkus",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform Quarkus",
"product_id": "T038356",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:quarkus"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52428",
"product_status": {
"known_affected": [
"T031972",
"67646",
"T038357",
"T038358",
"T038353",
"T038741",
"T038356",
"T039274",
"T039276",
"T039275",
"T041470",
"T021415",
"T041469",
"T048677",
"T041596",
"T048676",
"T048675"
]
},
"release_date": "2024-10-14T22:00:00.000+00:00",
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-38809",
"product_status": {
"known_affected": [
"T031972",
"67646",
"T038357",
"T038358",
"T038353",
"T038741",
"T038356",
"T039274",
"T039276",
"T039275",
"T041470",
"T021415",
"T041469",
"T048677",
"T041596",
"T048676",
"T048675"
]
},
"release_date": "2024-10-14T22:00:00.000+00:00",
"title": "CVE-2024-38809"
},
{
"cve": "CVE-2024-38816",
"product_status": {
"known_affected": [
"T031972",
"67646",
"T038357",
"T038358",
"T038353",
"T038741",
"T038356",
"T039274",
"T039276",
"T039275",
"T041470",
"T021415",
"T041469",
"T048677",
"T041596",
"T048676",
"T048675"
]
},
"release_date": "2024-10-14T22:00:00.000+00:00",
"title": "CVE-2024-38816"
},
{
"cve": "CVE-2024-45294",
"product_status": {
"known_affected": [
"T031972",
"67646",
"T038357",
"T038358",
"T038353",
"T038741",
"T038356",
"T039274",
"T039276",
"T039275",
"T041470",
"T021415",
"T041469",
"T048677",
"T041596",
"T048676",
"T048675"
]
},
"release_date": "2024-10-14T22:00:00.000+00:00",
"title": "CVE-2024-45294"
},
{
"cve": "CVE-2024-47561",
"product_status": {
"known_affected": [
"T031972",
"67646",
"T038357",
"T042109",
"T038358",
"T038353",
"T038741",
"T038356",
"T039274",
"T039276",
"T039275",
"T041470",
"T021415",
"T042108",
"T041469",
"T040542",
"T048677",
"T041596",
"T048676",
"T048675"
]
},
"release_date": "2024-10-14T22:00:00.000+00:00",
"title": "CVE-2024-47561"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…