CVE-2020-1960

🔶 medium

Summary

A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's co

Description

CVSS Score

4.7

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2020-05-14

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 13.8% of all 328,009 vulnerabilities in our database.

#282,765

Below average severity

Severity Percentile

Last Modified 2024-11-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Vendor	Product	Status	Affected Versions
apache	flink	Affected	≥ 1.1.0 ≤ 1.1.5
apache	flink	Affected	≥ 1.2.0 ≤ 1.2.1
apache	flink	Affected	≥ 1.3.0 ≤ 1.3.3
apache	flink	Affected	≥ 1.4.0 ≤ 1.4.2
apache	flink	Affected	≥ 1.5.0 ≤ 1.5.6
apache	flink	Affected	≥ 1.6.0 ≤ 1.6.4
apache	flink	Affected	≥ 1.7.0 ≤ 1.7.2
apache	flink	Affected	≥ 1.8.0 ≤ 1.8.3
apache	flink	Affected	≥ 1.9.0 ≤ 1.9.2
apache	flink	Affected	v1.10.0

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-35194	⚠️ high	8.1	0.1	Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated u...	2026-05-15
CVE-2020-17518	⚠️ high	7.5	93.8	Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the l...	2021-01-05
CVE-2020-17519	⚠️ high	7.5	94.4	A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file...	2021-01-05

CVE-2020-1960

Summary

Description

📊 Relative Risk Intelligence

📦 Affected Products 10

🔗 References 4

🔗 Related CVEs 3