| |
Vulnerability CVE-2020-11975
Published: 2020-06-05
| Description: |
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. |
Type:
CWE-20 (Improper Input Validation)
CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
10/10 |
10/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
http://unomi.apache.org/security/cve-2020-11975.txt
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
