{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T07:25:42.492","vulnerabilities":[{"cve":{"id":"CVE-2017-15703","sourceIdentifier":"security@apache.org","published":"2018-01-25T21:29:00.207","lastModified":"2024-11-21T03:15:02.207","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the appropriate release."},{"lang":"es","value":"Cualquier usuario autenticado (certificado de cliente válido pero sin permisos de listas de control de acceso) podía cargar una plantilla que contenga código malicioso y provocar una denegación de servicio (DoS) mediante un ataque de deserialización de Java. La solución para manejar la deserialización de Java se aplicó en la distribución 1.4.0 de Apache NiFi. Los usuarios que ejecuten una distribución 1.x anterior deben actualizarla a la distribución adecuada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:N/A:P","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.4.0","matchCriteriaId":"B5699FDF-232B-4292-85C3-7835CAC2229B"}]}]}],"references":[{"url":"https://nifi.apache.org/security.html#CVE-2017-15703","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://nifi.apache.org/security.html#CVE-2017-15703","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}