CVE-2020-11975

CRITICAL · EXPLOITED · NUCLEI

Apache Unomi < 1.5.1 and 1.5.2-1.5.3 - Remote Code Execution via OGNL Scripting


Exploitation Summary

CVE-2020-11975 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including 1135. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains proof-of-concept exploits for CVE-2020-11975 and CVE-2020-13942, targeting Apache Unomi. The exploits leverage OGNL and MVEL injection to achieve remote code execution (RCE) by manipulating the 'propertyName' and 'parameterValues' fields in HTTP POST requests to the '/context.json' endpoint.

Description

Apache Unomi allows conditions to use OGNL scripting, which offers the possibility to call static Java classes from the JDK and thereby execute code with the permission level of the running Java process.

Exploits (1)

nomisec · WORKING POC · 6 stars
by 1135 · remote
https://github.com/1135/unomi_exploit


Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Unomi <= 1.5.1
No auth needed
Prerequisites: Network access to the target Apache Unomi instance · Target running a vulnerable version of Apache Unomi (<= 1.5.1)
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Apache Unomi - Remote Code Execution
CRITICAL · VERIFIED · by Sourabh-Sahu
Shodan: http.title:"Apache Unomi"
FOFA: title="Apache Unomi"

Scores

CVSS v3 9.8
EPSS 0.2989
EPSS Percentile 98.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-04-12
Status published
Products (2)
apache/unomi < 1.5.1
org.apache.unomi/unomi 0 - 1.5.4 (Maven)
Published Jun 05, 2020
Tracked Since Feb 18, 2026