Christian Schneider

**Name of the Vulnerable Software and Affected Versions** Apache Camel versions prior to 2.15.5 Apache Camel versions 2.16.x prior to 2.16.1 **Description** The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. **Recommendations** For versions prior to 2.15.5, update to version 2.15.5 or later. For versions 2.16.x prior to 2.16.1, update to version 2.16.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apache ActiveMQ versions prior to 5.13.0 **Description** The Java Message Service (JMS) in the broker fails to restrict the classes that can be serialized, leading to unsafe deserialization. This lack of input validation allows a remote attacker to execute arbitrary code by sending a specially crafted serialized `ObjectMessage` object. **Recommendations** Update to version 5.13.0 or later.

**Name of the Vulnerable Software and Affected Versions** Infoware MapSuite versions prior to 1.0.36 Infoware MapSuite versions 1.1.x prior to 1.1.49 **Description** The issue is related to an absolute path traversal vulnerability in the MapAPI. This allows remote attackers to read arbitrary files. **Recommendations** For versions prior to 1.0.36, update to version 1.0.36 or later. For versions 1.1.x prior to 1.1.49, update to version 1.1.49 or later.

**Name of the Vulnerable Software and Affected Versions** Isync versions 0.4 through 1.0.6 **Description** The issue arises from the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. **Recommendations** For Isync versions 0.4 through 1.0.6, update to version 1.0.6 or later to resolve the issue.