CVE-2020-11975

Published: 05/06/2020 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Apache Unomi allows conditions to use OGNL scripting, which makes it possible to call static Java classes from the JDK that could execute code with the permission level of the running Java process.

Vulnerable Product

apache unomi

Github Repositories

CVE-2020-13942 unauthenticated RCE POC through MVEL and OGNL injection

CVE-2020-13942 POC by Eugene Rojavski. Original blog post about the vulnerability: www.checkmarx.com/blog/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/ There are two RCE vectors: through MVEL injection and through OGNL injection. Both vectors target different code, though the payloads look relatively similar. The previous CVE fix nvdn

CVE-2020-11975 CVE-2020-13942

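Disclaimer: The vulnerability detection methods, files and other content provided here are intended solely for use by security practitioners who have obtained legal authorization, for the purpose of testing the security of authorized servers. Security practitioners must comply with the law; performing any vulnerability testing without authorization is prohibited. Introduction. Reference links: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13942 s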

Apache Unomi CVE-2020-13942: RCE Vulnerabilities

CVE-2020-13942. Original blog post about the vulnerability: www.checkmarx.com/blog/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/ There are two RCE vectors: through MVEL injection and through OGNL injection. Both vectors target different code, though the payloads look relatively similar. The previous CVE fix nvd.nist.gov/vuln/detail/CVE-2020-11975 tri