PT-2020-20743 · Oracle+1 · Java RMI Server+1

Published 2020-03-04 · Updated 2021-07-21 · CVE-2020-9761

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

UNCTAD ASYCUDA World versions 2001 through 2020

Description

The Java RMI Server in UNCTAD ASYCUDA World has an insecure default configuration. This leads to Java code execution from a remote URL because an RMI Distributed Garbage Collector method is called.

Recommendations

For versions 2001 through 2020, consider reconfiguring the Java RMI Server to secure its default settings, focusing on proper configuration of the RMI Distributed Garbage Collector method to prevent remote code execution. As a temporary workaround, restrict access to the Java RMI Server until a secure configuration can be implemented.

Fix


Related Identifiers

CVE-2020-9761

Affected Products

Java RMI Server
UNCTAD ASYCUDA World