Severity
High
Analysis Summary
CVE-2020-17532
Apache ServiceComb could allow a remote authenticated attacker to execute arbitrary code on the system. The flaw is caused by unsafe deserialization when the handler-router component is enabled in servicecomb-java-chassis. An attacker could exploit it by sending specially crafted input.
Impact
Gain Access
Affected Vendors
Apache
Affected Products
- Apache ServiceComb 2.0.0
- Apache ServiceComb 2.1.3
Remediation
Upgrade to the latest version of ServiceComb (2.1.5 or later).
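
One way to check a build against the remediation above (an added example, not part of the original advisory or of ServiceComb itself). It reads `mvn dependency:list` output and assumes that java-chassis modules use the Maven groupId `org.apache.servicecomb` and that the handler-router component ships as the artifact `handler-router`; the sample lines are constructed.

```python
import re

FIXED = (2, 1, 5)                 # remediation version named in the advisory
GROUP = "org.apache.servicecomb"  # assumed groupId of java-chassis modules
ROUTER = "handler-router"         # assumed artifactId of the handler-router component

# Matches "group:artifact:packaging:version" as printed by `mvn dependency:list`.
COORD = re.compile(r"([\w.\-]+):([\w.\-]+):[\w\-]+:(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn '2.1.3' into (2, 1, 3); missing components count as 0."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(lines):
    """Report ServiceComb modules below FIXED and whether handler-router is present."""
    outdated, router = [], False
    for line in lines:
        m = COORD.search(line)
        if not m or m.group(1) != GROUP:
            continue
        artifact, version = m.group(2), m.group(3)
        if artifact == ROUTER:
            # On the classpath is a signal to review, not proof it is enabled.
            router = True
        if parse_version(version) < FIXED:
            outdated.append((artifact, version))
    if not outdated:
        priority = "ok"
    elif router:
        priority = "upgrade-now"  # outdated and the component named in the advisory is present
    else:
        priority = "upgrade"
    return {"outdated": outdated, "router_on_classpath": router, "priority": priority}


# Constructed sample of `mvn dependency:list` output.
SAMPLE = """\
[INFO]    org.apache.servicecomb:java-chassis-core:jar:2.1.3:compile
[INFO]    org.apache.servicecomb:handler-router:jar:2.1.3:compile
[INFO]    org.springframework:spring-core:jar:5.2.9.RELEASE:compile
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The comparison is numeric only, so a pre-release such as `2.1.5-SNAPSHOT` is treated as 2.1.5 and should be reviewed by hand.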