CVE-2020-11975
Vexday Risk Score
23 (Low)
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS: —
EPSS: 29.9%
KEV: no
PoC: —
Nuclei: yes
Metasploit: —
Patch: —
Lifecycle
05 Jun 2020: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
Affected products
n/a · Apache Unomi
References
https://lists.apache.org/thread.html/r01021bc4b25c1e98812efca0b07f0e078a6281bd52f7c3817a429d95%40%3Ccommits.unomi.apache.org%3E
https://lists.apache.org/thread.html/r79672c25e0ef9bb4b9148376281200a8e61c6d5ef5bb705e9a363460%40%3Ccommits.unomi.apache.org%3E
http://unomi.apache.org/security/cve-2020-11975.txt