Lucene search
PRIOn knowledge basePRION:CVE-2023-28935HistoryMar 30, 2023 - 10:15 a.m.
Command injection
2023-03-3010:15:00
PRIOn knowledge base
www.prio-n.com
command injection
apache uima ducc
authenticated user
command execution
system user
UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the “Distributed UIMA Cluster Computing” (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the “Distributed UIMA Cluster Computing” module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Related
cnvd
cnvd
Apache UIMA DUCC Command Injection Vulnerability
2023-04-03 00:00:00
cve
cve
CVE-2023-28935
2023-03-30 10:15:07
osv
osv
Apache UIMA DUCC allows remote code execution
2023-03-30 12:30:15
nvd
nvd
CVE-2023-28935
2023-03-30 10:15:07
github
github
Apache UIMA DUCC allows remote code execution
2023-03-30 12:30:15
veracode
veracode
Command Injection
2023-04-06 15:06:00
cvelist
cvelist
CVE-2023-28935 Apache UIMA DUCC: DUCC (EOL) allows RCE
2023-03-30 09:10:11