We found results for “”
CVE-2020-11975
Good to know:
Date: June 5, 2020
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
Language: Java
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Input Validation
CWE-20Top Fix
Upgrade Version
Upgrade to version org.apache.unomi:unomi-services:1.5.1;org.apache.unomi:unomi-common:1.5.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | COMPLETE |
Integrity (I): | COMPLETE |
Availability (A): | COMPLETE |
Additional information: |