Skip to main content

Yet Another Java Service Wrapper

1 CVEs product

Monthly

CVE-2020-6958 CRITICAL POC Act Now

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Yet Another Java Service Wrapper
NVD GitHub
CVSS 3.1
9.1
EPSS
2.4%
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Yet Another Java Service Wrapper
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy