CVE-2020-13940 is a vulnerability in Apache NiFi
Published on October 1, 2020

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE).

NVD

Products Associated with CVE-2020-13940

Want to know whenever a new CVE is published for Apache NiFi? stack.watch will email you.

Apache NiFi

Exploit Probability

EPSS

0.96%

Percentile

76.19%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-13940 is a vulnerability in Apache NiFiPublished on October 1, 2020

Products Associated with CVE-2020-13940

Exploit Probability

CVE-2020-13940 is a vulnerability in Apache NiFi
Published on October 1, 2020