CVE-2020-1954

Published: 01/04/2020 Updated: 07/11/2023
CVSS v2 Base Score: 2.9 | Impact Score: 2.9 | Exploitability Score: 5.5
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 258
Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the 'createMBServerConnectorFactory' property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.

Vulnerable Product

apache cxf

oracle peoplesoft enterprise peopletools 8.56

oracle communications diameter signaling router

oracle communications session report manager

oracle communications element manager

oracle enterprise manager base platform 13.2.1.0

netapp snapmanager -

netapp oncommand workflow automation -

oracle communications diameter signaling router idih

oracle communications session route manager

Vendor Advisories

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 733 security update on RHEL 8. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 73 for RHEL 8. Red Hat Product Security has rated this update as having a security imp ...

Synopsis: Moderate: Red Hat Single Sign-On 743 security update. Type/Severity: Security Advisory: Moderate. Topic: A security update is now available for Red Hat Single Sign-On 74 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnera ...

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 733 security update on RHEL 7. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 73 for RHEL 7. Red Hat Product Security has rated this update as having a security imp ...

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 733 security update on RHEL 6. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 73 for RHEL 6. Red Hat Product Security has rated this update as having a security imp ...

Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 733 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 73. Red Hat Product Security has rated this update as having a security impact of Moderate. A Co ...

Synopsis: Important: EAP Continuous Delivery Technical Preview Release 20 security update. Type/Severity: Security Advisory: Important. Topic: This is a security update for JBoss EAP Continuous Delivery 20. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...

Synopsis: Moderate: Red Hat Process Automation Manager 790 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring ...

Synopsis: Moderate: Red Hat Decision Manager 790 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...

Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2019-14843, CVE-2019-14887, CVE-2019-20444, CVE-2019-20445, CVE-2020-1728, CVE-2020-1954, CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, CVE-2020-14195. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...