CVE-2023-39913 Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats

🗓️ 08 Nov 2023 08:04:23Reported by apacheType

CVE-2023-39913 Apache UIMA Java SDK: Untrusted code execution via deserializatio

Reporter	Title	Published	Views	Family All 17
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache UIMA Java SDK arbitrary code execution vulnerability ( CVE-2023-39913)	5 Feb 202420:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Datacap	12 Jan 202617:46	–	ibm
IBM Security Bulletins	Security Bulletin: Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager (FNCM) component Content Search Services (CSS) / Enterprise Content Management Text Search (ECMTS)	17 Dec 202516:41	–	ibm
CNNVD	Apache UIMA 代码问题漏洞	8 Nov 202300:00	–	cnnvd
CNVD	Apache UIMA Deserialization Vulnerability	13 Nov 202300:00	–	cnvd
CVE	CVE-2023-39913	8 Nov 202308:04	–	cve
EUVD	EUVD-2023-2891	3 Oct 202520:07	–	euvd
Github Security Blog	Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability	8 Nov 202309:30	–	github
NVD	CVE-2023-39913	8 Nov 202308:15	–	nvd
OSV	GHSA-5R8J-QMCM-7G7Q Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability	8 Nov 202309:30	–	osv

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.uima:uimaj-core",
    "product": "Apache UIMA Java SDK Core",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.uima:uimaj-cpe",
    "product": "Apache UIMA Java SDK CPE",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.uima:uimaj-adapter-vinci",
    "product": "Apache UIMA Java SDK Vinci adapter",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.uima:uimaj-tools",
    "product": "Apache UIMA Java SDK tools",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "3.5.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
openwall	www.openwall.com/lists/oss-security/2023/11/08/1
lists	www.lists.apache.org/thread/lw30f4qlq3mhkhpljj16qw4fot3rg7v4

08 Nov 2023 08:06Current

8.9High risk

Vulners AI Score8.9

EPSS0.01471