Vulnerabilities > CVE-2020-1954

CVSS 5.3 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

high complexity

apache

oracle

netapp

NVD

Published: 2020-04-01

Updated: 2023-11-07

Summary

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache CXF 3.3.0 Apache CXF 3.3.1 Apache CXF 3.3.2 Apache CXF 3.3.3 Apache CXF 3.3.4 Apache CXF 3.3.5 Apache CXF 2.0.6 Apache CXF 2.0.7 Apache CXF 2.0.8 Apache CXF 2.0.9 Apache CXF 2.0.10 Apache CXF 2.0.11 Apache CXF 2.0.12 Apache CXF 2.0.13 Apache CXF 2.1.0 Apache CXF 2.1.1 Apache CXF 2.1.2 Apache CXF 2.1.3 Apache CXF 2.1.4 Apache CXF 2.1.5 Apache CXF 2.1.6 Apache CXF 2.1.7 Apache CXF 2.1.8 Apache CXF 2.1.9 Apache CXF 2.1.10 Apache CXF 2.2.0 Apache CXF 2.2.1 Apache CXF 2.2.2 Apache CXF 2.2.3 Apache CXF 2.2.4 Apache CXF 2.2.5 Apache CXF 2.2.6 Apache CXF 2.2.7 Apache CXF 2.2.8 Apache CXF 2.2.9 Apache CXF 2.2.10 Apache CXF 2.2.11 Apache CXF 2.2.12 Apache CXF 2.3.0 Apache CXF 2.3.1 Apache CXF 2.3.2 Apache CXF 2.3.3 Apache CXF 2.3.4 Apache CXF 2.3.5 Apache CXF 2.3.6 Apache CXF 2.3.7 Apache CXF 2.3.8 Apache CXF 2.3.9 Apache CXF 2.3.10 Apache CXF 2.3.11 Apache CXF 2.4.0 Apache CXF 2.4.1 Apache CXF 2.4.2 Apache CXF 2.4.3 Apache CXF 2.4.4 Apache CXF 2.4.5 Apache CXF 2.4.6 Apache CXF 2.4.7 Apache CXF 2.4.8 Apache CXF 2.4.9 Apache CXF 2.4.10 Apache CXF 2.5.0 Apache CXF 2.5.1 Apache CXF 2.5.2 Apache CXF 2.5.3 Apache CXF 2.5.4 Apache CXF 2.5.5 Apache CXF 2.5.6 Apache CXF 2.5.7 Apache CXF 2.5.8 Apache CXF 2.5.9 Apache CXF 2.5.10 Apache CXF 2.5.11 Apache CXF 2.6.0 Apache CXF 2.6.1 Apache CXF 2.6.2 Apache CXF 2.6.3 Apache CXF 2.6.4 Apache CXF 2.6.5 Apache CXF 2.6.6 Apache CXF 2.6.7 Apache CXF 2.6.8 Apache CXF 2.6.9 Apache CXF 2.6.10 Apache CXF 2.6.11 Apache CXF 2.6.12 Apache CXF 2.6.13 Apache CXF 2.6.14 Apache CXF 2.6.15 Apache CXF 2.6.16 Apache CXF 2.6.17 Apache CXF 2.7.0 Apache CXF 2.7.1 Apache CXF 2.7.2 Apache CXF 2.7.3 Apache CXF 2.7.4 Apache CXF 2.7.5 Apache CXF 2.7.6 Apache CXF 2.7.7 Apache CXF 2.7.8 Apache CXF 2.7.9 Apache CXF 2.7.10 Apache CXF 2.7.11 Apache CXF 2.7.12 Apache CXF 2.7.13 Apache CXF 2.7.14 Apache CXF 2.7.15 Apache CXF 2.7.16 Apache CXF 2.7.17 Apache CXF 2.7.18 Apache CXF 3.0.0 Apache CXF 3.0.1 Apache CXF 3.0.2 Apache CXF 3.0.3 Apache CXF 3.0.4 Apache CXF 3.0.5 Apache CXF 3.0.6 Apache CXF 3.0.7 Apache CXF 3.0.8 Apache CXF 3.0.9 Apache CXF 3.0.10 Apache CXF 3.0.11 Apache CXF 3.0.12 Apache CXF 3.0.13 Apache CXF 3.0.14 Apache CXF 3.0.15 Apache CXF 3.0.16 Apache CXF 3.1.0 Apache CXF 3.1.1 Apache CXF 3.1.2 Apache CXF 3.1.3 Apache CXF 3.1.4 Apache CXF 3.1.5 Apache CXF 3.1.6 Apache CXF 3.1.7 Apache CXF 3.1.8 Apache CXF 3.1.9 Apache CXF 3.1.10 Apache CXF 3.1.11 Apache CXF 3.1.12 Apache CXF 3.1.13 Apache CXF 3.1.14 Apache CXF 3.1.15 Apache CXF 3.1.16 Apache CXF 3.1.17 Apache CXF 3.2.0 Apache CXF 3.2.1 Apache CXF 3.2.2 Apache CXF 3.2.3 Apache CXF 3.2.4 Apache CXF 3.2.5 Apache CXF 3.2.6 Apache CXF 3.2.7 Apache CXF 3.2.8 Apache CXF 3.2.9 Apache CXF 3.2.10 Apache CXF 3.2.11 Apache CXF 3.2.12	158
Application	Oracle Oracle Peoplesoft Enterprise Peopletools 8.56 Oracle Communications Diameter Signaling Router 8.0.0 Oracle Communications Diameter Signaling Router 8.0.0.0 Oracle Communications Diameter Signaling Router 8.1 Oracle Communications Diameter Signaling Router 8.2 Oracle Communications Diameter Signaling Router 8.2.1 Oracle Communications Diameter Signaling Router 8.2.2 Oracle Communications Session Report Manager 8.2.0 Oracle Communications Session Report Manager 8.2.1 Oracle Communications Session Report Manager 8.2.2 Oracle Communications Element Manager 8.2.0 Oracle Communications Element Manager 8.2.0.0 Oracle Communications Element Manager 8.2.1 Oracle Communications Element Manager 8.2.2 Oracle Enterprise Manager Base Platform 13.2.1.0 Oracle Communications Diameter Signaling Router Idih Oracle Communications Session Route Manager 8.2.0 Oracle Communications Session Route Manager 8.2.0.0 Oracle Communications Session Route Manager 8.2.1 Oracle Communications Session Route Manager 8.2.2	21
Application	Netapp Netapp Snapmanager - Netapp Oncommand Workflow Automation -	2

Vulnerabilities > CVE-2020-1954 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2020-1954"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2020-1954