Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 - Vulnerability Database

Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950

Description

Oracle Business Intelligence is vulnerable to deserialization attacks. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system or to perform denial of service attack.

Remediation

Upgrade to the latest version of Oracle Business Intelligence

References

Oracle Critical Patch Update Advisory - April 2020
Java Unmarshaller Security - Turning your data into code execution

Related Vulnerabilities

Liferay TunnelServlet Deserialization Remote Code Execution High
Common tags: Code Execution Insecure Deserialization Denial Of Service Acumonitor
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) High
Common tags: Code Execution Insecure Deserialization Denial Of Service Acumonitor
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) High
Common tags: Code Execution Insecure Deserialization Denial Of Service Acumonitor
SAP Hybris Deserialization RCE High
Common tags: Code Execution Insecure Deserialization Denial Of Service Acumonitor
ColdFusion AMF Deserialization RCE High
Common tags: Code Execution Insecure Deserialization Denial Of Service Acumonitor

Severity

High

Classification

CVE-2020-2950
CWE-502
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution
Insecure Deserialization
Denial Of Service
Acumonitor