Vulnerability in Apache CXF

CVE-2020-1954

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory’ property of the default InstrumentationManagerImpl is not disabled, then it is vu…

EPSS: 0.002 (44.3rd percentile)

Affected products

  • Apache CXF — affects all versions prior to 3.3.6 and 3.2.13

Frequently asked questions

What is CVE-2020-1954?
CVE-2020-1954 is a vulnerability in Apache CXF. Published 2020-04-01.
Is CVE-2020-1954 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.