CVE-2020-1954

Description

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the createMBServerConnectorFactory property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
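A defender can check for the condition described above by auditing Spring bean definitions. The script below is an added example, not code from Apache CXF or from this advisory. It assumes the manager is declared in Spring XML under the class name org.apache.cxf.management.jmx.InstrumentationManagerImpl, that JMX integration stays off unless enabled is true, and that createMBServerConnectorFactory defaults to true when omitted; the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.springframework.org/schema/beans}"
# Assumed fully qualified class name of the default InstrumentationManagerImpl.
IMPL = "org.apache.cxf.management.jmx.InstrumentationManagerImpl"

def bean_props(bean):
    """Map direct <property> children of a bean to their lower-cased values."""
    return {p.get("name"): (p.get("value") or p.findtext(NS + "value") or "").strip().lower()
            for p in bean.findall(NS + "property")}

def audit(xml_text):
    """Return (bean id, finding) for each JMX-enabled bean that leaves the property on."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(NS + "bean"):
        if bean.get("class") != IMPL:
            continue
        props = bean_props(bean)
        # Assumption: JMX integration is off unless 'enabled' is set to true.
        if props.get("enabled", "false") == "false":
            continue
        connector = props.get("createMBServerConnectorFactory")
        if connector == "false":
            continue  # property disabled, the condition the description names as safe
        if connector is None:
            finding = "createMBServerConnectorFactory not set (assumed default: true)"
        else:
            # Either an explicit "true" or an unresolved ${placeholder} to review.
            finding = "createMBServerConnectorFactory=" + connector
        findings.append((bean.get("id", "<anonymous>"), finding))
    return findings

# Constructed sample configuration, not taken from any real deployment.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="jmxDefault" class="org.apache.cxf.management.jmx.InstrumentationManagerImpl">
    <property name="enabled" value="true"/>
  </bean>
  <bean id="jmxHardened" class="org.apache.cxf.management.jmx.InstrumentationManagerImpl">
    <property name="enabled" value="true"/>
    <property name="createMBServerConnectorFactory" value="false"/>
  </bean>
  <bean id="jmxOff" class="org.apache.cxf.management.jmx.InstrumentationManagerImpl">
    <property name="enabled" value="false"/>
  </bean>
  <bean id="jmxTemplated" class="org.apache.cxf.management.jmx.InstrumentationManagerImpl">
    <property name="enabled" value="true"/>
    <property name="createMBServerConnectorFactory" value="${jmx.connector}"/>
  </bean>
</beans>"""
```

Calling audit(SAMPLE) reports jmxDefault and jmxTemplated. Configuration applied outside Spring XML property elements is not covered by this check.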

Risk Information

Base Score: 5.3 (MODERATE)
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.216

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-1954 are fixed in Apache-cxf-rt-management 3.2.13 | Windows
Vulnerabilities CVE-2020-1954 are fixed in Apache-cxf-rt-management 3.3.6 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.56 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.5 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows
Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.7 | Windows
Vulnerabilities CVE-2020-1954 are fixed in Apache-cxf-rt-management for Linux 3.2.13 | Linux
Vulnerabilities CVE-2020-1954 are fixed in Apache-cxf-rt-management for Linux 3.3.6 | Linux

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234