Patch Released for Critical Apache Unomi RCE Vulnerability

Published 05 December 2020


  • Apache Unomi is a Java open source customer data platform designed to provide personalized customer experiences.
  • It can be integrated with CRMs, applications, CMSs and similar systems. Because of its tight integration with other critical services, a compromised Unomi instance is an ideal entry point into protected corporate networks.


Advisory: Vulnerability Intelligence
Vendor: Apache
CVSS: 10 (Critical)
CVE: CVE-2020-13942
Target: Apache Unomi <= 1.5.1
Outcome: RCE
Patch Availability: Yes
Patched version: 1.5.2

Apache Unomi is a Java open source customer data platform designed to provide personalized customer experiences. It can be integrated with CRMs, applications, CMSs and similar systems, and because of its tight integration with other critical services, a compromised Unomi instance is an ideal entry point into protected corporate networks.

Modus operandi

Attackers can craft malicious HTTP requests to Unomi servers, specifically to the /context.json or /context.js endpoint, that embed arbitrary commands written in Java expression languages such as MVEL and OGNL. Because the server evaluated these expressions insecurely (loading arbitrary classes and invoking their methods), the commands are executed on the target server's operating system within the security context of the Unomi application.
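A defensive check for the request shape described above, as an added example that is not part of this advisory or of the Apache Unomi project: it treats any propertyName inside a context request condition that is not a plain dotted identifier as suspicious, so expression syntax is flagged without needing a list of exploit strings. The simplified JSON layout and the sample requests are constructed assumptions.

```python
# Flag Unomi context requests whose condition parameters do not look like plain
# property names. Added example, not Apache Unomi code; schema and samples are assumed.
import json
import re

VULNERABLE_PATHS = ("/context.json", "/context.js")
# A legitimate property reference is a dotted identifier such as "properties.firstName".
SAFE_PROPERTY_NAME = re.compile(r"^[A-Za-z0-9_.\-]+$")


def find_condition_params(node, found=None):
    """Recursively collect every parameterValues dict found in a request body."""
    if found is None:
        found = []
    if isinstance(node, dict):
        if isinstance(node.get("parameterValues"), dict):
            found.append(node["parameterValues"])
        for value in node.values():
            find_condition_params(value, found)
    elif isinstance(node, list):
        for item in node:
            find_condition_params(item, found)
    return found


def suspicious_values(path, body):
    """Return propertyName values that are not plain identifiers for requests to the
    vulnerable endpoints; an empty list means nothing looked like an injected expression."""
    if not path.split("?")[0].endswith(VULNERABLE_PATHS):
        return []
    try:
        data = json.loads(body) if body else {}
    except json.JSONDecodeError:
        return ["<unparseable body>"]
    hits = []
    for params in find_condition_params(data):
        name = params.get("propertyName")
        if isinstance(name, str) and not SAFE_PROPERTY_NAME.match(name):
            hits.append(name)
    return hits


# Constructed sample requests (path, JSON body) as a reverse proxy might log them.
SAMPLES = [
    ("/context.json", '{"filters":[{"id":"f1","filters":[{"condition":{"type":"profilePropertyCondition",'
                      '"parameterValues":{"propertyName":"properties.firstName","comparisonOperator":"equals","propertyValue":"Ada"}}}]}]}'),
    ("/context.json", '{"filters":[{"id":"f2","filters":[{"condition":{"type":"profilePropertyCondition",'
                      '"parameterValues":{"propertyName":"(1 + 1).toString()","comparisonOperator":"equals","propertyValue":"2"}}}]}]}'),
    ("/cxs/profiles", '{"parameterValues":{"propertyName":"x(y)"}}'),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        print(path, "->", suspicious_values(path, body) or "ok")
```

Only requests to the two context endpoints are inspected; the same walk can be pointed at other parameter keys if a deployment exposes further condition-driven endpoints.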

Impact

Technical Impact

Threat actors can use compromised Unomi servers to launch attacks against the critical services they integrate with.
Carry out lateral movement to compromise customer data.
Launch attacks against segmented networks, thereby compromising the entire network domain.

Business Impact

Compromise of sensitive customer/client data.
Data breaches that tarnish an organization's reputation and brand.
Abuse of the vulnerability to launch ransomware attacks against the target.

Mitigation

Update Apache Unomi to version 1.5.2 or above.
