Lucene search
ApacheCVELIST:CVE-2023-28935HistoryMar 30, 2023 - 9:10 a.m.
CVE-2023-28935 Apache UIMA DUCC: DUCC (EOL) allows RCE
2023-03-3009:10:11
CWE-77
apache
www.cve.org
apache uima
ducc
rce
command injection
vulnerability
retired module
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Apache Software Foundation Apache UIMA DUCC.
When using the “Distributed UIMA Cluster Computing” (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process.
As the “Distributed UIMA Cluster Computing” module for UIMA is retired, we do not plan to release a fix for this issue.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Apache UIMA DUCC",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cnvd
cnvd
Apache UIMA DUCC Command Injection Vulnerability
2023-04-03 00:00:00
cve
cve
CVE-2023-28935
2023-03-30 10:15:07
osv
osv
Apache UIMA DUCC allows remote code execution
2023-03-30 12:30:15
nvd
nvd
CVE-2023-28935
2023-03-30 10:15:07
github
github
Apache UIMA DUCC allows remote code execution
2023-03-30 12:30:15
veracode
veracode
Command Injection
2023-04-06 15:06:00
prion
prion
Command injection
2023-03-30 10:15:00