Impact
Apache Camel Salesforce is susceptible to header injection that allows an attacker to supply arbitrary SOQL queries, SOSL searches, or Apex REST calls by setting non-Camel-prefixed Exchange header constants. Because the HTTP header filter only blocks Camel-prefixed headers, these values bypass the filter and are read as operation parameters by the camel-salesforce producer. The injected parameters run with the full permissions of the connected Salesforce integration user, permitting unauthorized data access, modification, or deletion without requiring credentials from the attacker.
Affected Systems
Apache Camel Salesforce component versions from 4.0.0 up to but not including 4.14.8, from 0 up to but not including 4.18.3, and from 4.19.0 up to but not including 4.21.0 are affected. Affected deployments include routes that bridge an HTTP consumer (e.g., platform-http) into a salesforce: producer where Exchange header constants are used for Salesforce operation parameters.
Risk and Exploitability
The EPSS score is less than 1%, indicating a low probability of exploitation. However, the vulnerability grants extensive privileges because the injected operations execute with the full rights of the Salesforce connected user, and authentication is not required when the bridging consumer is unauthenticated. The CVE does not appear in the CISA KEV catalog. Attackers can exploit the flaw remotely by sending crafted HTTP requests that include the vulnerable headers, bypassing internal safeguards and potentially causing data exfiltration or destructive actions.
OpenCVE Enrichment