cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-28935,https://securityvulnerability.io/vulnerability/CVE-2023-28935,Apache UIMA DUCC: DUCC (EOL) allows RCE,"An improper neutralization of special elements used in a command vulnerability exists within the Apache UIMA's Distributed UIMA Cluster Computing (DUCC) module. An authenticated user with permissions to alter core entities could exploit this flaw to execute arbitrary commands as the system user that runs the web process. It's crucial to note that this module is retired, and Apache does not intend to provide any patches, making affected systems particularly vulnerable.",Apache,Apache Uima Ducc,8.8,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2023-03-30T10:15:00.000Z,0
CVE-2018-8035,https://securityvulnerability.io/vulnerability/CVE-2018-8035,,"This vulnerability relates to the user's browser processing of DUCC webpage input data.The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code.",Apache,Apache Uima Ducc,6.1,MEDIUM,0.0049600000493228436,false,,false,false,false,,,false,false,,2019-05-01T20:16:55.000Z,0