5 matches found
CVE-2020-11975
creationtimestamp| type| source ---|---|--- 2025-07-22 03:54:24+00:00| seen| MISP/a3c5beab-b790-4171-8b4c-02c8a9678071 2025-08-23 21:02:23+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lx3ulqgg3x2t 2025-09-09 11:53:40+00:00| seen| MISP/a3c5beab-b790-4171-8b4c-02c8a9678071...
VulnCheck KEV: CVE-2020-11975
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...
Exploit for CVE-2020-11975
Statement The vulnerability detection methods, documents, a...
Remote Code Execution
unomi-plugins-base is vulnerable to arbitrary code execution. An insufficient fix for CVE-2020-11975 allows an attacker to bypass the allowlist and blocklist and remotely execute arbitrary code...
CVE-2020-11975
CVE-2020-11975 affects Apache Unomi. The connected documents confirm OGNL-based injection in conditions that can call static Java classes, enabling arbitrary code execution with the Java process’s privileges. This is described as a remote code execution vector and is exploitable through OGNL (and...