Severity
High
Analysis Summary
CVE-2020-17532
Apache ServiceComb could allow a remote authenticated attacker to execute arbitrary code on the system. The flaw is caused by unsafe deserialization when the handler-router component is enabled in servicecomb-java-chassis. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
Gain Access
Affected Vendors
Apache
Affected Products
- Apache ServiceComb 2.0.0
- Apache ServiceComb 2.1.3
Remediation
Upgrade to the latest version of ServiceComb (2.1.5 or later).
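
To confirm the remediation has reached a given service, the following added example (not part of the original advisory or of the ServiceComb project) scans the output of `mvn dependency:list` for ServiceComb artifacts below 2.1.5 and reports whether the handler-router component is among them. The Maven coordinates `org.apache.servicecomb`, `handler-router` and `java-chassis-core` are assumptions, and the sample dependency lines are constructed.

```python
import re

FIXED = (2, 1, 5)                  # remediation version stated in the advisory
GROUP = "org.apache.servicecomb"   # assumed Maven groupId
ROUTER = "handler-router"          # assumed artifactId of the handler-router component

# group:artifact:type[:classifier]:version:scope, as printed by `mvn dependency:list`
DEP_RE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):[\w\-]+:"
    r"(?:[\w.\-]+:)?(?P<version>\d[\w.\-]*):(?P<scope>\w+)"
)

# Constructed sample input, not taken from a real project
SAMPLE_OLD = """\
[INFO]    org.apache.servicecomb:java-chassis-core:jar:2.1.3:compile
[INFO]    org.apache.servicecomb:handler-router:jar:2.1.3:compile
[INFO]    org.springframework:spring-core:jar:5.2.9.RELEASE:compile
"""
SAMPLE_NEW = SAMPLE_OLD.replace("2.1.3", "2.1.5")


def parse_version(text):
    """Turn '2.1.3' or '2.1.5-SNAPSHOT' into a comparable (major, minor, patch)."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def audit(dependency_list):
    """Report ServiceComb artifacts older than the fixed release."""
    outdated, router_present = [], False
    for line in dependency_list.splitlines():
        m = DEP_RE.search(line)
        if not m or m["group"] != GROUP:
            continue  # not a dependency line, or not a ServiceComb artifact
        if parse_version(m["version"]) < FIXED:
            outdated.append((m["artifact"], m["version"]))
            if m["artifact"] == ROUTER:
                router_present = True  # the component named in the advisory
    return {"outdated": outdated, "router_present": router_present,
            "action_required": bool(outdated)}


if __name__ == "__main__":
    print(audit(SAMPLE_OLD))
```

Run it per service by passing the captured `mvn dependency:list` output to `audit()`; any entry in `outdated` means the upgrade has not yet been applied there.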