9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Apache MINA is a web application framework from the Apache Foundation (USA). The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions have a deserialization vulnerability, which stems from the use of Java deserialization to load serialized java.security.PrivateKey, which can be exploited by an attacker to load the host key of an SSH server.
CPE | Name | Operator | Version |
---|---|---|---|
apache apache mina | le | 2.9.1 |