cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-39913,https://securityvulnerability.io/vulnerability/CVE-2023-39913,"Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats","The Apache UIMA Java SDK is vulnerable to a deserialization of untrusted data issue due to improper input validation during the deserialization of Java objects. This vulnerability affects various components including the CAS serialization utilities and the CAS Editor Eclipse plugin. When serialized data is deserialized, there is no verification, potentially allowing for arbitrary code execution, especially in deployed services using the Vinci Analysis Engine. Users are encouraged to upgrade to version 3.5.0, which incorporates enhanced input validation measures and restricts the deserialization process to safer practices. For optimum security, it is also recommended to run UIMA under Java 9+, allowing configuration of ObjectInputFilters to further restrict deserialization behavior.",Apache,"Apache Uima Java Sdk Core,Apache Uima Java Sdk Cpe,Apache Uima Java Sdk Vinci Adapter,Apache Uima Java Sdk Tools",8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-11-08T08:15:00.000Z,0
CVE-2023-28935,https://securityvulnerability.io/vulnerability/CVE-2023-28935,Apache UIMA DUCC: DUCC (EOL) allows RCE,"An improper neutralization of special elements used in a command vulnerability exists within the Apache UIMA's Distributed UIMA Cluster Computing (DUCC) module. An authenticated user with permissions to alter core entities could exploit this flaw to execute arbitrary commands as the system user that runs the web process. It's crucial to note that this module is retired, and Apache does not intend to provide any patches, making affected systems particularly vulnerable.",Apache,Apache Uima Ducc,8.8,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2023-03-30T10:15:00.000Z,0
CVE-2022-32287,https://securityvulnerability.io/vulnerability/CVE-2022-32287,Apache UIMA prior to 3.3.1 has a path traversal vulnerability when extracting (PEAR) archives,A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine.,Apache,Apache Uima,7.5,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2022-11-03T00:00:00.000Z,0
CVE-2018-8035,https://securityvulnerability.io/vulnerability/CVE-2018-8035,,"This vulnerability relates to the user's browser processing of DUCC webpage input data. The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.",Apache,Apache Uima Ducc,6.1,MEDIUM,0.0049600000493228436,false,,false,false,false,,,false,false,,2019-05-01T20:16:55.000Z,0
CVE-2017-15691,https://securityvulnerability.io/vulnerability/CVE-2017-15691,,"In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.",Apache,Apache Uima,6.5,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2018-04-26T00:00:00.000Z,0