Vulnerability Description
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Unomi | < 1.5.1 |
References
- http://unomi.apache.org/security/cve-2020-11975.txt (Patch, Vendor Advisory)
- https://lists.apache.org/thread.html/r01021bc4b25c1e98812efca0b07f0e078a6281bd52
- https://lists.apache.org/thread.html/r79672c25e0ef9bb4b9148376281200a8e61c6d5ef5
FAQ
What is CVE-2020-11975?
CVE-2020-11975 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...
How severe is CVE-2020-11975?
CVE-2020-11975 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-11975?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Unomi.