Patch Released for Critical Apache Unomi RCE Vulnerability
Published 05 December 2020
- Apache Unomi is an open-source Java customer data platform (CDP) used to deliver personalised customer experiences.
- Because it integrates with CRMs, CMSs and other business applications, a compromised Unomi server is an attractive entry point into otherwise protected corporate networks.
Advisory | Vulnerability Intelligence
Vendor | Apache
CVSS | 10 (Critical)
CVE | CVE-2020-13942
Target | Apache Unomi <= 1.5.1
Outcome | Remote code execution (RCE)
Patch Availability | Yes, fixed in version 1.5.2
Modus operandi
An attacker sends a crafted HTTP request to the Unomi server's /context.json (or /context.js) endpoint whose JSON body embeds expressions in the Java expression languages Unomi evaluates, MVEL and OGNL. Because the expression evaluator did not adequately restrict which classes could be loaded and which methods invoked, an attacker-supplied expression can call into the JVM (for example to spawn a process), and the resulting commands run on the server's operating system with the privileges of the Unomi process. The context endpoint is the public tracking endpoint and is reachable without authentication, which is why the score is maximal.
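As an added example (not part of this advisory and not Apache Unomi's own code), the following Python script shows the kind of log-review check a defender would run over captured requests to the context endpoint. It assumes, as a triage heuristic, that MVEL payloads carry a `script::` prefix and OGNL payloads use `@class@method(...)` static-call syntax; the sample requests are constructed, not captured from a real system:

```python
# Added example (not from the original advisory, not Apache Unomi project code):
# a log-review heuristic that flags JSON requests to the Unomi context endpoint
# carrying MVEL or OGNL expressions. Assumptions, labelled here and in the
# lead-in: MVEL payloads are tagged with a "script::" prefix, OGNL payloads use
# "@class@method(...)" static-call syntax, and the sample requests are constructed.
import json
import re
from typing import Any, Iterator, List, Tuple

# Unomi endpoints named in the advisory that parse a JSON context request.
TARGET_PATHS = {"/context.json", "/context.js"}

# Heuristic signatures (assumed markers, see comment above).
MVEL_PREFIX = re.compile(r"^\s*script::", re.IGNORECASE)
OGNL_STATIC_CALL = re.compile(r"@[\w.]+@\w+\s*\(")
DANGEROUS_CLASSES = re.compile(
    r"\b(java\.lang\.Runtime|ProcessBuilder|java\.lang\.reflect|ClassLoader)\b"
)


def walk_strings(node: Any, path: str = "$") -> Iterator[Tuple[str, str]]:
    """Yield (json_path, value) for every string nested anywhere in a JSON value."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{index}]")


def classify_value(value: str) -> List[str]:
    """Return the heuristic names that match one string value (empty if clean)."""
    reasons = []
    if MVEL_PREFIX.search(value):
        reasons.append("mvel-script-prefix")
    if OGNL_STATIC_CALL.search(value):
        reasons.append("ognl-static-call")
    if DANGEROUS_CLASSES.search(value):
        reasons.append("dangerous-class-reference")
    return reasons


def inspect_request(path: str, body: str) -> List[Tuple[str, str]]:
    """Return (json_path, reason) findings for one request; [] if not a target or clean."""
    if path.split("?", 1)[0] not in TARGET_PATHS:
        return []
    try:
        document = json.loads(body)
    except (TypeError, ValueError):
        return []  # not JSON: Unomi would reject it before evaluating anything
    return [
        (json_path, reason)
        for json_path, value in walk_strings(document)
        for reason in classify_value(value)
    ]


def scan_requests(requests):
    """Return [(index, findings)] for every request that triggers at least one heuristic."""
    flagged = []
    for index, (path, body) in enumerate(requests):
        findings = inspect_request(path, body)
        if findings:
            flagged.append((index, findings))
    return flagged


# Constructed sample traffic (not captured from a real system).
SAMPLE_REQUESTS = [
    # 0: ordinary tracker call, should not be flagged
    ("/context.json?sessionId=abc", json.dumps(
        {"sessionId": "abc", "requiredProfileProperties": ["firstName"]})),
    # 1: MVEL-style payload hidden inside a condition parameter
    ("/context.json", json.dumps({
        "sessionId": "abc",
        "filters": [{"id": "f", "filters": [{"condition": {
            "type": "profilePropertyCondition",
            "parameterValues": {
                "propertyName": 'script::java.lang.Runtime.getRuntime().exec("id")'}}}]}],
    })),
    # 2: OGNL-style static call in the same slot
    ("/context.json", json.dumps({
        "sessionId": "abc",
        "filters": [{"id": "f", "filters": [{"condition": {
            "type": "profilePropertyCondition",
            "parameterValues": {
                "propertyName": '@java.lang.Runtime@getRuntime().exec("id")',
                "comparisonOperator": "equals",
                "propertyValue": "x"}}}]}],
    })),
    # 3: same marker sent to a path that is not the context endpoint, ignored here
    ("/index.html", '{"q": "script::1+1"}'),
]

if __name__ == "__main__":
    for index, findings in scan_requests(SAMPLE_REQUESTS):
        print(f"request {index}: {findings}")
```

Feed it (path, body) pairs from a reverse proxy or WAF log that records request bodies. A hit against a host still running 1.5.1 or earlier should be handled as a probable compromise rather than a blocked attempt, because the server evaluates the expression before any response is returned. The patterns are a triage heuristic, not a parser for either language, so tune them to your traffic and do not treat a clean result as proof of absence.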
Impact
Technical Impact
Use a compromised Unomi server as a foothold to attack the CRM, CMS and other services it integrates with.
Move laterally from that foothold to reach stored customer data.
Pivot into segmented networks and, from there, compromise the wider network domain.
Business Impact
Exposure of sensitive customer and client data.
Reputational and brand damage following a data breach.
Ransomware deployment using the initial compromise as the entry point.
Mitigation
Update Apache Unomi to version 1.5.2 or later. Until the update is applied, restrict network exposure of the Unomi context endpoints (/context.json and /context.js) to the clients that need them, and review access logs for requests to those endpoints carrying MVEL or OGNL expressions in the request body, treating any such request against an unpatched host as a likely compromise.