CVE-2020-13936
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
Affected (28)
Products: Apache: Velocity Engine, Wss4j · Debian: Debian Linux · Oracle: Banking Deposits And Lines Of Credit Servicing, Banking Enterprise Default Management, Banking Loans Servicing, Banking Party Management, Banking Platform, Communications Cloud Native Core Policy, Communications Network Integrity, Hospitality Token Proxy Service, Retail Integration Bus, Retail Order Broker, Retail Service Backbone, Retail Xstore Office Cloud Service, Utilities Testing Accelerator
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.3 | |
| Version 2.3.1 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 9.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.12.0 | |
| From 2.3.0 to 2.4.1 | |
| Version 2.12.0 | |
| Version 2.7.0 | |
| From 2.3.0 to 2.4.1 | |
| Version 1.14.0 | |
| Version 7.3.6 | |
| Version 19.2 | |
| Version 19.0.1 | |
| Version 16.0 | |
| Version 19.0.1 | |
| Version 16.0.6 | |
| Version 6.0.0.1.1 |
References (48)
Source: security@apache.org
Mailing ListThird Party Advisory
Source: security@apache.org
Mailing ListVendor Advisory
Source: security@apache.org
Mailing ListVendor Advisory
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Mailing ListThird Party Advisory
Source: security@apache.org
PatchThird Party Advisory
Source: security@apache.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Timeline
No history available yet.