Lucene search

[email protected]NVD:CVE-2020-11975

HistoryJun 05, 2020 - 3:15 p.m.

CVE-2020-11975

2020-06-0515:15:10

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

Affected configurations

Nvd

Node

apacheunomiRange<1.5.1

VendorProductVersionCPE
apacheunomi*cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	unomi	*	cpe:2.3:a:apache:unomi::::::::

References

unomi.apache.org/security/cve-2020-11975.txt

lists.apache.org/thread.html/r01021bc4b25c1e98812efca0b07f0e078a6281bd52f7c3817a429d95%40%3Ccommits.unomi.apache.org%3E

lists.apache.org/thread.html/r79672c25e0ef9bb4b9148376281200a8e61c6d5ef5bb705e9a363460%40%3Ccommits.unomi.apache.org%3E

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

Related for NVD:CVE-2020-11975

cve1 veracode2 prion1 cvelist1 osv2 github1 githubexploit3