Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-11987

Опубликовано: 24 фев. 2021
Источник: nvd
CVSS3: 8.2
CVSS2: 6.4
EPSS Низкий

Описание

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*
Версия до 1.13 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
Версия от 14.1.0 (включая) до 14.4.0 (включая)
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*
Версия от 11.0 (включая) до 11.3.1 (включая)
cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00573
Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2020-11987

CVSS3: 8.2
ubuntu
почти 5 лет назад

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

redhat логотип

CVE-2020-11987

CVSS3: 8.2
redhat
почти 5 лет назад

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

debian логотип

CVE-2020-11987

CVSS3: 8.2
debian
почти 5 лет назад

Apache Batik 1.13 is vulnerable to server-side request forgery, caused ...

github логотип

GHSA-2h63-qp69-fwvw

CVSS3: 8.2
github
около 4 лет назад

Server-side request forgery (SSRF) in Apache Batik

suse-cvrf логотип

SUSE-SU-2024:0777-1

suse-cvrf
почти 2 года назад

Security update for xmlgraphics-batik

EPSS

Процентиль: 68%
0.00573
Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-20