CVE-2020-1954

cxf: JMX integration is vulnerable to a MITM attack

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.

Apache CXF posee la capacidad de integrarse con JMX mediante el registro de una extensión InstrumentationManager con el bus CXF. Si la propiedad "createMBServerConnectorFactory" del InstrumentationManagerImpl predeterminado no está deshabilitada, entonces es vulnerable a un ataque de estilo man-in-the-middle (MITM). Un atacante en el mismo host puede conectar con el registro y volver a vincular la entrada a otro servidor, y así actuar como un proxy del original. Pueden luego obtener acceso a toda la información que es enviada y recibida a través de JMX.

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-12-02 CVE Reserved
2020-04-01 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (8)

URL	Tag	Source
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E	Mailing List

URL	Date	SRC

URL	Date	SRC
https://security.netapp.com/advisory/ntap-20220210-0001	2023-11-07
https://www.oracle.com/security-alerts/cpuoct2020.html	2023-11-07

URL	Date	SRC
http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-1954	2020-11-05
https://bugzilla.redhat.com/show_bug.cgi?id=1824301	2020-11-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Cxf Search vendor "Apache" for product "Cxf"				< 3.2.13 Search vendor "Apache" for product "Cxf" and version " < 3.2.13"		-		Affected
Apache Search vendor "Apache"		Cxf Search vendor "Apache" for product "Cxf"				>= 3.3.0 < 3.3.6 Search vendor "Apache" for product "Cxf" and version " >= 3.3.0 < 3.3.6"		-		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Search vendor "Oracle" for product "Communications Diameter Signaling Router"				>= 8.0.0 <= 8.2.2 Search vendor "Oracle" for product "Communications Diameter Signaling Router" and version " >= 8.0.0 <= 8.2.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager"				>= 8.2.0 <= 8.2.2 Search vendor "Oracle" for product "Communications Element Manager" and version " >= 8.2.0 <= 8.2.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Session Report Manager Search vendor "Oracle" for product "Communications Session Report Manager"				>= 8.2.0 <= 8.2.2 Search vendor "Oracle" for product "Communications Session Report Manager" and version " >= 8.2.0 <= 8.2.2"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform"				13.2.1.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.2.1.0"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.56 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.56"		-		Affected
Netapp Search vendor "Netapp"		Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation"				-		-		Affected
Netapp Search vendor "Netapp"		Snapmanager Search vendor "Netapp" for product "Snapmanager"				-		sap		Affected
Oracle Search vendor "Oracle"		Communications Diameter Signaling Router Idih: Search vendor "Oracle" for product "Communications Diameter Signaling Router Idih:"				>= 8.0.0 <= 8.2.2 Search vendor "Oracle" for product "Communications Diameter Signaling Router Idih:" and version " >= 8.0.0 <= 8.2.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Element Manager Search vendor "Oracle" for product "Communications Element Manager"				>= 8.2.0 <= 8.2.2 Search vendor "Oracle" for product "Communications Element Manager" and version " >= 8.2.0 <= 8.2.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Session Report Manager Search vendor "Oracle" for product "Communications Session Report Manager"				>= 8.2.0 <= 8.2.2 Search vendor "Oracle" for product "Communications Session Report Manager" and version " >= 8.2.0 <= 8.2.2"		-		Affected
Oracle Search vendor "Oracle"		Communications Session Route Manager Search vendor "Oracle" for product "Communications Session Route Manager"				>= 8.2.0 <= 8.2.2 Search vendor "Oracle" for product "Communications Session Route Manager" and version " >= 8.2.0 <= 8.2.2"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform"				13.2.1.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.2.1.0"		-		Affected
Oracle Search vendor "Oracle"		Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools"				8.56 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.56"		-		Affected