Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-1954

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.9%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 2.9
References
Products affected by CVE-2020-1954
  • Apache » Cxf » Version: 2.0.10
    cpe:2.3:a:apache:cxf:2.0.10
  • Apache » Cxf » Version: 2.0.11
    cpe:2.3:a:apache:cxf:2.0.11
  • Apache » Cxf » Version: 2.0.12
    cpe:2.3:a:apache:cxf:2.0.12
  • Apache » Cxf » Version: 2.0.13
    cpe:2.3:a:apache:cxf:2.0.13
  • Apache » Cxf » Version: 2.0.6
    cpe:2.3:a:apache:cxf:2.0.6
  • Apache » Cxf » Version: 2.0.7
    cpe:2.3:a:apache:cxf:2.0.7
  • Apache » Cxf » Version: 2.0.8
    cpe:2.3:a:apache:cxf:2.0.8
  • Apache » Cxf » Version: 2.0.9
    cpe:2.3:a:apache:cxf:2.0.9
  • Apache » Cxf » Version: 2.1
    cpe:2.3:a:apache:cxf:2.1
  • Apache » Cxf » Version: 2.1.0
    cpe:2.3:a:apache:cxf:2.1.0
  • Apache » Cxf » Version: 2.1.1
    cpe:2.3:a:apache:cxf:2.1.1
  • Apache » Cxf » Version: 2.1.10
    cpe:2.3:a:apache:cxf:2.1.10
  • Apache » Cxf » Version: 2.1.2
    cpe:2.3:a:apache:cxf:2.1.2
  • Apache » Cxf » Version: 2.1.3
    cpe:2.3:a:apache:cxf:2.1.3
  • Apache » Cxf » Version: 2.1.4
    cpe:2.3:a:apache:cxf:2.1.4
  • Apache » Cxf » Version: 2.1.5
    cpe:2.3:a:apache:cxf:2.1.5
  • Apache » Cxf » Version: 2.1.6
    cpe:2.3:a:apache:cxf:2.1.6
  • Apache » Cxf » Version: 2.1.7
    cpe:2.3:a:apache:cxf:2.1.7
  • Apache » Cxf » Version: 2.1.8
    cpe:2.3:a:apache:cxf:2.1.8
  • Apache » Cxf » Version: 2.1.9
    cpe:2.3:a:apache:cxf:2.1.9
  • Apache » Cxf » Version: 2.2.0
    cpe:2.3:a:apache:cxf:2.2.0
  • Apache » Cxf » Version: 2.2.1
    cpe:2.3:a:apache:cxf:2.2.1
  • Apache » Cxf » Version: 2.2.10
    cpe:2.3:a:apache:cxf:2.2.10
  • Apache » Cxf » Version: 2.2.11
    cpe:2.3:a:apache:cxf:2.2.11
  • Apache » Cxf » Version: 2.2.12
    cpe:2.3:a:apache:cxf:2.2.12
  • Apache » Cxf » Version: 2.2.2
    cpe:2.3:a:apache:cxf:2.2.2
  • Apache » Cxf » Version: 2.2.3
    cpe:2.3:a:apache:cxf:2.2.3
  • Apache » Cxf » Version: 2.2.4
    cpe:2.3:a:apache:cxf:2.2.4
  • Apache » Cxf » Version: 2.2.5
    cpe:2.3:a:apache:cxf:2.2.5
  • Apache » Cxf » Version: 2.2.6
    cpe:2.3:a:apache:cxf:2.2.6
  • Apache » Cxf » Version: 2.2.7
    cpe:2.3:a:apache:cxf:2.2.7
  • Apache » Cxf » Version: 2.2.8
    cpe:2.3:a:apache:cxf:2.2.8
  • Apache » Cxf » Version: 2.2.9
    cpe:2.3:a:apache:cxf:2.2.9
  • Apache » Cxf » Version: 2.3.0
    cpe:2.3:a:apache:cxf:2.3.0
  • Apache » Cxf » Version: 2.3.1
    cpe:2.3:a:apache:cxf:2.3.1
  • Apache » Cxf » Version: 2.3.10
    cpe:2.3:a:apache:cxf:2.3.10
  • Apache » Cxf » Version: 2.3.11
    cpe:2.3:a:apache:cxf:2.3.11
  • Apache » Cxf » Version: 2.3.2
    cpe:2.3:a:apache:cxf:2.3.2
  • Apache » Cxf » Version: 2.3.3
    cpe:2.3:a:apache:cxf:2.3.3
  • Apache » Cxf » Version: 2.3.4
    cpe:2.3:a:apache:cxf:2.3.4
  • Apache » Cxf » Version: 2.3.5
    cpe:2.3:a:apache:cxf:2.3.5
  • Apache » Cxf » Version: 2.3.6
    cpe:2.3:a:apache:cxf:2.3.6
  • Apache » Cxf » Version: 2.3.7
    cpe:2.3:a:apache:cxf:2.3.7
  • Apache » Cxf » Version: 2.3.8
    cpe:2.3:a:apache:cxf:2.3.8
  • Apache » Cxf » Version: 2.3.9
    cpe:2.3:a:apache:cxf:2.3.9
  • Apache » Cxf » Version: 2.4.0
    cpe:2.3:a:apache:cxf:2.4.0
  • Apache » Cxf » Version: 2.4.1
    cpe:2.3:a:apache:cxf:2.4.1
  • Apache » Cxf » Version: 2.4.10
    cpe:2.3:a:apache:cxf:2.4.10
  • Apache » Cxf » Version: 2.4.2
    cpe:2.3:a:apache:cxf:2.4.2
  • Apache » Cxf » Version: 2.4.3
    cpe:2.3:a:apache:cxf:2.4.3
  • Apache » Cxf » Version: 2.4.4
    cpe:2.3:a:apache:cxf:2.4.4
  • Apache » Cxf » Version: 2.4.5
    cpe:2.3:a:apache:cxf:2.4.5
  • Apache » Cxf » Version: 2.4.6
    cpe:2.3:a:apache:cxf:2.4.6
  • Apache » Cxf » Version: 2.4.7
    cpe:2.3:a:apache:cxf:2.4.7
  • Apache » Cxf » Version: 2.4.8
    cpe:2.3:a:apache:cxf:2.4.8
  • Apache » Cxf » Version: 2.4.9
    cpe:2.3:a:apache:cxf:2.4.9
  • Apache » Cxf » Version: 2.5.0
    cpe:2.3:a:apache:cxf:2.5.0
  • Apache » Cxf » Version: 2.5.1
    cpe:2.3:a:apache:cxf:2.5.1
  • Apache » Cxf » Version: 2.5.10
    cpe:2.3:a:apache:cxf:2.5.10
  • Apache » Cxf » Version: 2.5.11
    cpe:2.3:a:apache:cxf:2.5.11
  • Apache » Cxf » Version: 2.5.2
    cpe:2.3:a:apache:cxf:2.5.2
  • Apache » Cxf » Version: 2.5.3
    cpe:2.3:a:apache:cxf:2.5.3
  • Apache » Cxf » Version: 2.5.4
    cpe:2.3:a:apache:cxf:2.5.4
  • Apache » Cxf » Version: 2.5.5
    cpe:2.3:a:apache:cxf:2.5.5
  • Apache » Cxf » Version: 2.5.6
    cpe:2.3:a:apache:cxf:2.5.6
  • Apache » Cxf » Version: 2.5.7
    cpe:2.3:a:apache:cxf:2.5.7
  • Apache » Cxf » Version: 2.5.8
    cpe:2.3:a:apache:cxf:2.5.8
  • Apache » Cxf » Version: 2.5.9
    cpe:2.3:a:apache:cxf:2.5.9
  • Apache » Cxf » Version: 2.6.0
    cpe:2.3:a:apache:cxf:2.6.0
  • Apache » Cxf » Version: 2.6.1
    cpe:2.3:a:apache:cxf:2.6.1
  • Apache » Cxf » Version: 2.6.10
    cpe:2.3:a:apache:cxf:2.6.10
  • Apache » Cxf » Version: 2.6.11
    cpe:2.3:a:apache:cxf:2.6.11
  • Apache » Cxf » Version: 2.6.12
    cpe:2.3:a:apache:cxf:2.6.12
  • Apache » Cxf » Version: 2.6.13
    cpe:2.3:a:apache:cxf:2.6.13
  • Apache » Cxf » Version: 2.6.14
    cpe:2.3:a:apache:cxf:2.6.14
  • Apache » Cxf » Version: 2.6.15
    cpe:2.3:a:apache:cxf:2.6.15
  • Apache » Cxf » Version: 2.6.16
    cpe:2.3:a:apache:cxf:2.6.16
  • Apache » Cxf » Version: 2.6.17
    cpe:2.3:a:apache:cxf:2.6.17
  • Apache » Cxf » Version: 2.6.2
    cpe:2.3:a:apache:cxf:2.6.2
  • Apache » Cxf » Version: 2.6.3
    cpe:2.3:a:apache:cxf:2.6.3
  • Apache » Cxf » Version: 2.6.4
    cpe:2.3:a:apache:cxf:2.6.4
  • Apache » Cxf » Version: 2.6.5
    cpe:2.3:a:apache:cxf:2.6.5
  • Apache » Cxf » Version: 2.6.6
    cpe:2.3:a:apache:cxf:2.6.6
  • Apache » Cxf » Version: 2.6.7
    cpe:2.3:a:apache:cxf:2.6.7
  • Apache » Cxf » Version: 2.6.8
    cpe:2.3:a:apache:cxf:2.6.8
  • Apache » Cxf » Version: 2.6.9
    cpe:2.3:a:apache:cxf:2.6.9
  • Apache » Cxf » Version: 2.7.0
    cpe:2.3:a:apache:cxf:2.7.0
  • Apache » Cxf » Version: 2.7.1
    cpe:2.3:a:apache:cxf:2.7.1
  • Apache » Cxf » Version: 2.7.10
    cpe:2.3:a:apache:cxf:2.7.10
  • Apache » Cxf » Version: 2.7.11
    cpe:2.3:a:apache:cxf:2.7.11
  • Apache » Cxf » Version: 2.7.12
    cpe:2.3:a:apache:cxf:2.7.12
  • Apache » Cxf » Version: 2.7.13
    cpe:2.3:a:apache:cxf:2.7.13
  • Apache » Cxf » Version: 2.7.14
    cpe:2.3:a:apache:cxf:2.7.14
  • Apache » Cxf » Version: 2.7.15
    cpe:2.3:a:apache:cxf:2.7.15
  • Apache » Cxf » Version: 2.7.16
    cpe:2.3:a:apache:cxf:2.7.16
  • Apache » Cxf » Version: 2.7.17
    cpe:2.3:a:apache:cxf:2.7.17
  • Apache » Cxf » Version: 2.7.18
    cpe:2.3:a:apache:cxf:2.7.18
  • Apache » Cxf » Version: 2.7.2
    cpe:2.3:a:apache:cxf:2.7.2
  • Apache » Cxf » Version: 2.7.3
    cpe:2.3:a:apache:cxf:2.7.3
  • Apache » Cxf » Version: 2.7.4
    cpe:2.3:a:apache:cxf:2.7.4
  • Apache » Cxf » Version: 2.7.5
    cpe:2.3:a:apache:cxf:2.7.5
  • Apache » Cxf » Version: 2.7.6
    cpe:2.3:a:apache:cxf:2.7.6
  • Apache » Cxf » Version: 2.7.7
    cpe:2.3:a:apache:cxf:2.7.7
  • Apache » Cxf » Version: 2.7.8
    cpe:2.3:a:apache:cxf:2.7.8
  • Apache » Cxf » Version: 2.7.9
    cpe:2.3:a:apache:cxf:2.7.9
  • Apache » Cxf » Version: 3.0.0
    cpe:2.3:a:apache:cxf:3.0.0
  • Apache » Cxf » Version: 3.0.1
    cpe:2.3:a:apache:cxf:3.0.1
  • Apache » Cxf » Version: 3.0.10
    cpe:2.3:a:apache:cxf:3.0.10
  • Apache » Cxf » Version: 3.0.11
    cpe:2.3:a:apache:cxf:3.0.11
  • Apache » Cxf » Version: 3.0.12
    cpe:2.3:a:apache:cxf:3.0.12
  • Apache » Cxf » Version: 3.0.13
    cpe:2.3:a:apache:cxf:3.0.13
  • Apache » Cxf » Version: 3.0.14
    cpe:2.3:a:apache:cxf:3.0.14
  • Apache » Cxf » Version: 3.0.15
    cpe:2.3:a:apache:cxf:3.0.15
  • Apache » Cxf » Version: 3.0.16
    cpe:2.3:a:apache:cxf:3.0.16
  • Apache » Cxf » Version: 3.0.2
    cpe:2.3:a:apache:cxf:3.0.2
  • Apache » Cxf » Version: 3.0.3
    cpe:2.3:a:apache:cxf:3.0.3
  • Apache » Cxf » Version: 3.0.4
    cpe:2.3:a:apache:cxf:3.0.4
  • Apache » Cxf » Version: 3.0.5
    cpe:2.3:a:apache:cxf:3.0.5
  • Apache » Cxf » Version: 3.0.6
    cpe:2.3:a:apache:cxf:3.0.6
  • Apache » Cxf » Version: 3.0.7
    cpe:2.3:a:apache:cxf:3.0.7
  • Apache » Cxf » Version: 3.0.8
    cpe:2.3:a:apache:cxf:3.0.8
  • Apache » Cxf » Version: 3.0.9
    cpe:2.3:a:apache:cxf:3.0.9
  • Apache » Cxf » Version: 3.1.0
    cpe:2.3:a:apache:cxf:3.1.0
  • Apache » Cxf » Version: 3.1.1
    cpe:2.3:a:apache:cxf:3.1.1
  • Apache » Cxf » Version: 3.1.10
    cpe:2.3:a:apache:cxf:3.1.10
  • Apache » Cxf » Version: 3.1.11
    cpe:2.3:a:apache:cxf:3.1.11
  • Apache » Cxf » Version: 3.1.12
    cpe:2.3:a:apache:cxf:3.1.12
  • Apache » Cxf » Version: 3.1.13
    cpe:2.3:a:apache:cxf:3.1.13
  • Apache » Cxf » Version: 3.1.14
    cpe:2.3:a:apache:cxf:3.1.14
  • Apache » Cxf » Version: 3.1.15
    cpe:2.3:a:apache:cxf:3.1.15
  • Apache » Cxf » Version: 3.1.16
    cpe:2.3:a:apache:cxf:3.1.16
  • Apache » Cxf » Version: 3.1.17
    cpe:2.3:a:apache:cxf:3.1.17
  • Apache » Cxf » Version: 3.1.2
    cpe:2.3:a:apache:cxf:3.1.2
  • Apache » Cxf » Version: 3.1.3
    cpe:2.3:a:apache:cxf:3.1.3
  • Apache » Cxf » Version: 3.1.4
    cpe:2.3:a:apache:cxf:3.1.4
  • Apache » Cxf » Version: 3.1.5
    cpe:2.3:a:apache:cxf:3.1.5
  • Apache » Cxf » Version: 3.1.6
    cpe:2.3:a:apache:cxf:3.1.6
  • Apache » Cxf » Version: 3.1.7
    cpe:2.3:a:apache:cxf:3.1.7
  • Apache » Cxf » Version: 3.1.8
    cpe:2.3:a:apache:cxf:3.1.8
  • Apache » Cxf » Version: 3.1.9
    cpe:2.3:a:apache:cxf:3.1.9
  • Apache » Cxf » Version: 3.2.0
    cpe:2.3:a:apache:cxf:3.2.0
  • Apache » Cxf » Version: 3.2.1
    cpe:2.3:a:apache:cxf:3.2.1
  • Apache » Cxf » Version: 3.2.10
    cpe:2.3:a:apache:cxf:3.2.10
  • Apache » Cxf » Version: 3.2.11
    cpe:2.3:a:apache:cxf:3.2.11
  • Apache » Cxf » Version: 3.2.12
    cpe:2.3:a:apache:cxf:3.2.12
  • Apache » Cxf » Version: 3.2.2
    cpe:2.3:a:apache:cxf:3.2.2
  • Apache » Cxf » Version: 3.2.3
    cpe:2.3:a:apache:cxf:3.2.3
  • Apache » Cxf » Version: 3.2.4
    cpe:2.3:a:apache:cxf:3.2.4
  • Apache » Cxf » Version: 3.2.5
    cpe:2.3:a:apache:cxf:3.2.5
  • Apache » Cxf » Version: 3.2.6
    cpe:2.3:a:apache:cxf:3.2.6
  • Apache » Cxf » Version: 3.2.7
    cpe:2.3:a:apache:cxf:3.2.7
  • Apache » Cxf » Version: 3.2.8
    cpe:2.3:a:apache:cxf:3.2.8
  • Apache » Cxf » Version: 3.2.9
    cpe:2.3:a:apache:cxf:3.2.9
  • Apache » Cxf » Version: 3.3.0
    cpe:2.3:a:apache:cxf:3.3.0
  • Apache » Cxf » Version: 3.3.1
    cpe:2.3:a:apache:cxf:3.3.1
  • Apache » Cxf » Version: 3.3.2
    cpe:2.3:a:apache:cxf:3.3.2
  • Apache » Cxf » Version: 3.3.3
    cpe:2.3:a:apache:cxf:3.3.3
  • Apache » Cxf » Version: 3.3.4
    cpe:2.3:a:apache:cxf:3.3.4
  • Apache » Cxf » Version: 3.3.5
    cpe:2.3:a:apache:cxf:3.3.5
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-
  • Netapp » Snapmanager » Version: N/A
    cpe:2.3:a:netapp:snapmanager:-
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1
  • cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih:
  • Oracle » Communications Element Manager » Version: 8.2.0
    cpe:2.3:a:oracle:communications_element_manager:8.2.0
  • Oracle » Communications Element Manager » Version: 8.2.0.0
    cpe:2.3:a:oracle:communications_element_manager:8.2.0.0
  • Oracle » Communications Element Manager » Version: 8.2.1
    cpe:2.3:a:oracle:communications_element_manager:8.2.1
  • Oracle » Communications Element Manager » Version: 8.2.2
    cpe:2.3:a:oracle:communications_element_manager:8.2.2
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.2
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.2
  • Oracle » Enterprise Manager Base Platform » Version: 13.2.1.0
    cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56


Products
Pricing
Contact Us

Shodan ® - All rights reserved