CVSS: 8.1EPSS: 7%CPEs: 20EXPL: 0CVE-2020-14062 – jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool
https://notcve.org/view.php?id=CVE-2020-14062
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja incorrectamente la interacción entre los gadgets de serialización y la escritura, relacionada con com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (también se conoce como xalan2) A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.5. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/FasterXML/jackson-databind/issues/2704 https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://security.netapp.com/advisory/ntap-20200702-0003 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuo • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.0EPSS: 91%CPEs: 77EXPL: 12CVE-2020-9484 – tomcat: deserialization flaw in session persistence storage leading to RCE
https://notcve.org/view.php?id=CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. Cuando se usa Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M4, 9.0.0.M1 hasta 9.0.34, 8.5.0 hasta 8.5.54 y 7.0.0 hasta 7.0. 103, si a) un atacante es capaz de controlar el contenido y el nombre de un archivo en el servidor; y b) el servidor está configurado para usar el PersistenceManager con un FileStore; y c) el PersistenceManager está configurado con sessionAttributeValueClassNameFilter="null" (el valor predeterminado a menos que se utilice un SecurityManager) o un filtro lo suficientemente laxo como para permitir que el objeto proporcionado por el atacante sea deserializado; y d) el atacante conoce la ruta relativa del archivo desde la ubicación de almacenamiento usada por FileStore hasta el archivo sobre el que el atacante presenta control; entonces, mediante una petición específicamente diseñada, el atacante podrá ser capaz de desencadenar una ejecución de código remota mediante la deserialización del archivo bajo su control. Tome en cuenta que todas las condiciones desde la a) hasta la d) deben cumplirse para que el ataque tenga éxito. A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. • https://github.com/masahiro331/CVE-2020-9484 https://github.com/IdealDreamLast/CVE-2020-9484 https://github.com/osamahamad/CVE-2020-9484-Mass-Scan https://github.com/PenTestical/CVE-2020-9484 https://github.com/AssassinUKG/CVE-2020-9484 https://github.com/RepublicR0K/CVE-2020-9484 https://github.com/anjai94/CVE-2020-9484-exploit https://github.com/ColdFusionX/CVE-2020-9484 https://github.com/VICXOR/CVE-2020-9484 https://github.com/seanachao/CVE-2020-9484 https://github& • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2020-1941
https://notcve.org/view.php?id=CVE-2020-1941
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. En Apache ActiveMQ versiones 5.0.0 hasta 5.15.11, la Interfaz de Usuario Gráfica de administración webconsole está abierta a un ataque de tipo XSS, en la vista que enumera el contenido de una cola. • http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-aler • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2020-1954 – cxf: JMX integration is vulnerable to a MITM attack
https://notcve.org/view.php?id=CVE-2020-1954
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. Apache CXF posee la capacidad de integrarse con JMX mediante el registro de una extensión InstrumentationManager con el bus CXF. • http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2 https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E https://security.netapp.com/advisory/ntap-20220210-0001 https://www. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 42EXPL: 0CVE-2020-11111 – jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory
https://notcve.org/view.php?id=CVE-2020-11111
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionado con org.apache.activemq.* (también se conoce como activemq-jms, activemq-core, activemq-pool, y activemq-pool-jms). A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://github.com/FasterXML/jackson-databind/issues/2664 https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://security.netapp.com/advisory/ntap-20200403-0002 https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpuoct2021 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') CWE-502: Deserialization of Untrusted Data •