← back
CVE-2020-11975

CVE-2020-11975

EPSS 29.9%◆ VulnCheck KEV
Vexday Risk Score
65High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 29.9%KEV nãoPoC públicaNuclei simMetasploit Patch
Lifecycle
05 Jun 2020Published on NVD
24 Nov 2020Public PoC
Weaponization speed
171 daysto first PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
Affected products
n/a · Apache Unomi
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.