| Advisory | Vulnerability Intelligence |
| --- | --- |
| Vendor | Apache |
| CVSS | 10 (Critical) |
| CVE | CVE-2020-13942 |
| Target | Apache Unomi <= 1.5.1 |
| Outcome | RCE |
| Patch Availability | Yes, patched in version 1.5.2 |
Apache Unomi is a Java open-source customer data platform designed to provide personalized customer experiences. It can be integrated with CRMs, applications, CMSs, etc., and because it is tightly integrated with other critical services, compromising Unomi is an ideal entry point into protected corporate networks.
Modus operandi
Attackers can craft malicious HTTP requests to Unomi servers, specifically to the server's /context.js or /context.json endpoint, containing arbitrary commands written in a Java-specific expression language (EL) such as MVEL or OGNL. Because classes are handled insecurely (arbitrary classes can be loaded and their methods invoked), these commands are executed on the target server's operating system within the security context of the Unomi application.
Impact
Technical Impact
Threat actors can use compromised Unomi servers to launch attacks against the critical services integrated with them.
Carry out lateral movement to compromise customer data.
Launch attacks against segmented networks, thus compromising the entire network domain.
Business Impact
Compromise of sensitive customer/client data.
Data breaches tarnish an organization's reputation and branding.
Threat actors could abuse the vulnerability to launch ransomware attacks against the target.
Mitigation
Update Apache Unomi to version 1.5.2 or above.
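Two checks a defender would want from this advisory are (a) whether a deployed Unomi is still in the affected version range and (b) whether requests to the /context.json or /context.js endpoint carry expression-language indicators of the kind described under "Modus operandi". The following Python block is an added example written for this page, not code from the advisory or from the Apache Unomi project. The indicator patterns, the `Request` structure and the sample requests are constructed for illustration; the sample "suspicious" body only contains marker tokens, not a working payload.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Affected range and fix version as stated in the advisory.
AFFECTED_MAX: Tuple[int, ...] = (1, 5, 1)
PATCHED: Tuple[int, ...] = (1, 5, 2)

# Endpoints named in the advisory as the target of crafted requests.
VULNERABLE_PATHS = ("/context.json", "/context.js")

# Hypothetical indicators of MVEL/OGNL expression-language abuse in a request body.
# Chosen for illustration; a production rule set would be tuned against real traffic.
EL_INDICATORS = [
    re.compile(r"java\.lang\.Runtime", re.I),
    re.compile(r"getRuntime\s*\(", re.I),
    re.compile(r"ProcessBuilder", re.I),
    re.compile(r"@[A-Za-z_][\w.]*@"),  # OGNL-style static member access syntax
    re.compile(r"\.exec\s*\(", re.I),
    re.compile(r"Class\.forName", re.I),
]


@dataclass
class Request:
    """Minimal view of an HTTP request as a WAF or log pipeline would hand it over."""
    method: str
    path: str
    body: str


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.5.1' into (1, 5, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_affected(version: str) -> bool:
    """True if the observed Unomi version is <= 1.5.1 (i.e. not yet on 1.5.2)."""
    return parse_version(version) <= AFFECTED_MAX


def find_indicators(text: str) -> List[str]:
    """Return the patterns of every EL indicator present in the text."""
    return [pattern.pattern for pattern in EL_INDICATORS if pattern.search(text)]


def inspect_request(req: Request) -> Dict[str, object]:
    """Flag a request only when it targets a vulnerable endpoint AND carries indicators.

    Requests to other paths are reported but not marked suspicious, so the
    rule stays focused on the attack surface this advisory describes.
    """
    path_only = req.path.split("?", 1)[0]
    on_target = path_only in VULNERABLE_PATHS
    hits = find_indicators(req.body) if on_target else []
    return {
        "target_endpoint": on_target,
        "indicators": hits,
        "suspicious": on_target and bool(hits),
    }


def triage(requests: List[Request]) -> List[Request]:
    """Return the subset of requests that should be escalated for review."""
    return [r for r in requests if inspect_request(r)["suspicious"]]


# Constructed sample traffic (not captured from any real system).
SAMPLE_REQUESTS = [
    # Ordinary personalization call: no indicators, should pass.
    Request("POST", "/context.json",
            '{"sessionId": "s1", "events": [{"eventType": "view"}]}'),
    # Constructed body carrying marker tokens only; not a functioning exploit.
    Request("POST", "/context.json?sessionId=s2",
            '{"sessionId": "s2", "note": "java.lang.Runtime ProcessBuilder"}'),
    # Same tokens on an unrelated path: outside this advisory's attack surface.
    Request("GET", "/index.html", "ProcessBuilder"),
]


if __name__ == "__main__":
    for observed in ("1.5.1", "1.5.2"):
        state = "AFFECTED" if is_affected(observed) else "patched"
        print(f"Unomi {observed}: {state}")
    for req in SAMPLE_REQUESTS:
        print(req.method, req.path, inspect_request(req))
```

Running the block prints the version verdicts and one line per sample request; only the second request is flagged, because the indicator tokens appear in a body sent to /context.json, while the same tokens on /index.html are left alone.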