PT-2020-20698 · Apache · Apache NiFi

Published: 2020-10-01 · Updated: 2025-09-12 · CVE-2020-9491

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache NiFi versions 1.2.0 through 1.11.4

Description

The issue concerns the support of outdated TLS versions in intracluster communication. Specifically, cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1, despite the NiFi UI and API mandating TLS v1.2.

Recommendations

For Apache NiFi versions 1.2.0 through 1.11.4, consider updating the configuration to only support TLS v1.2 or later for intracluster communication to minimize the risk of exploitation.
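
One way to check captured handshakes for the condition described above, as an added example that is not part of the original advisory or of NiFi's code: it reads the ServerHello in each capture and flags any channel that negotiated below TLS v1.2. The channel labels and sample bytes are constructed, and `negotiated_version`, `audit` and `server_hello_sample` are hypothetical names.

```python
# TLS protocol versions as they appear on the wire.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
MIN_ALLOWED = 0x0303  # TLS v1.2, the floor the advisory recommends

def negotiated_version(record: bytes) -> int:
    """Return the version the server selected in a ServerHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(hs) < 4 or hs[0] != 0x02:
        raise ValueError("not a ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 38:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(body[0:2], "big")
    pos = 35 + body[34] + 3  # skip version, random, session_id, suite, compression
    if pos > len(body):
        raise ValueError("truncated ServerHello")
    ext_end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = (int.from_bytes(body[pos + i:pos + i + 2], "big") for i in (0, 2))
        if ext_type == 43 and ext_len == 2 and pos + 6 <= ext_end:  # supported_versions
            version = int.from_bytes(body[pos + 4:pos + 6], "big")
        pos += 4 + ext_len
    return version

def audit(captures: dict) -> dict:
    """Map each channel label to (version name, meets the TLS v1.2 floor)."""
    out = {}
    for name, record in captures.items():
        v = negotiated_version(record)
        out[name] = (VERSIONS.get(v, hex(v)), v >= MIN_ALLOWED)
    return out

def server_hello_sample(legacy: int, ext: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (sample data, not a real capture)."""
    body = legacy.to_bytes(2, "big") + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    body += (len(ext).to_bytes(2, "big") + ext) if ext else b""
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + legacy.to_bytes(2, "big") + len(hs).to_bytes(2, "big") + hs

SAMPLES = {  # constructed captures, one per channel label
    "site-to-site": server_hello_sample(0x0301),
    "load-balance": server_hello_sample(0x0302),
    "cluster-replication": server_hello_sample(0x0303),
    "constructed-tls13": server_hello_sample(0x0303, b"\x00\x2b\x00\x02\x03\x04"),
}
```

Calling `audit(SAMPLES)` returns one entry per channel; any entry whose second field is `False` negotiated TLS v1.0 or v1.1 and still needs its configuration restricted.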

Fix

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

BIT-NIFI-2020-9491
CVE-2020-9491
GHSA-RFMP-JVR7-HX78

Affected Products

Apache NiFi