CVE-2023-28935
UNKNOWN
Published 2023-03-30T09:10:11.178Z
Actions:
CVSS Score
V3.1
8.8
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score
v2023.03.01
0.001
probability
of exploitation in the wild
There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-01-25
Exploit Probability
Percentile: 0.472
Higher than 47.2% of all CVEs
Attack Vector Metrics
Impact Metrics
Description
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC.
When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process.
As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
Affected Versions:
Published: 2023-03-30T09:10:11.178Z
Last Modified: 2024-10-23T15:12:10.819Z
Copied to clipboard!