Lucene search
China National Vulnerability DatabaseCNVD-2023-25928HistoryApr 03, 2023 - 12:00 a.m.
Apache UIMA DUCC Command Injection Vulnerability
2023-04-0300:00:00
China National Vulnerability Database
www.cnvd.org.cn
3
apache uima ducc
command injection
vulnerability
cluster management
apache foundation
web process
0.001 Low
EPSS
Percentile
43.7%
Apache UIMA DUCC is a cluster management system from the Apache Foundation, which provides tools, management and scheduling tools. The system provides tools, management and scheduling tools. Apache UIMA DUCC is vulnerable to a command injection vulnerability, which stems from improper neutralization of the special elements used when using the DUCC module. An attacker could exploit this vulnerability to cause command execution as a user of the system running the Web process.
Related
cve
cve
CVE-2023-28935
2023-03-30 10:15:07
osv
osv
Apache UIMA DUCC allows remote code execution
2023-03-30 12:30:15
nvd
nvd
CVE-2023-28935
2023-03-30 10:15:07
github
github
Apache UIMA DUCC allows remote code execution
2023-03-30 12:30:15
veracode
veracode
Command Injection
2023-04-06 15:06:00
prion
prion
Command injection
2023-03-30 10:15:00
cvelist
cvelist
CVE-2023-28935 Apache UIMA DUCC: DUCC (EOL) allows RCE
2023-03-30 09:10:11