Rewterz Threat Alert – Emissary Panda APT Group – IOCs
June 9, 2020Rewterz Threat Advisory – CVE-2020-4529 – IBM Maximo Asset Management server-side request forgery
June 9, 2020Rewterz Threat Alert – Emissary Panda APT Group – IOCs
June 9, 2020Rewterz Threat Advisory – CVE-2020-4529 – IBM Maximo Asset Management server-side request forgery
June 9, 2020Severity
Medium
Analysis Summary
Apache Unomi could allow a remote attacker to execute arbitrary code on the system, caused by an issue with allowing OGNL scripting in some conditions. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with the permission level of the running Java process.
Impact
Gain Access
Affected Vendors
Apache Unomi
Affected Products
Apache Unomi 1.5
Remediation
Upgrade to the latest version of Apache Unomi (1.5.1 or later).