Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2020-11987

Published

3 years ago

Last Modified

2 months ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

High

Impact Analysis

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests..

CVSSv2.0 Score

Severity: Medium
Base Score: 6.4/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 4.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: Partial

CVSSv3.1 Score

Severity: High
Base Score: 8.2/10
Exploit Score: 3.9/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
Impact Score: 4.2/10
Confidentiality Impact: High
Availability Impact: None
Integrity Impact: Low
Scope: Unchanged
User Interaction: None

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:apache:batik::::::::	Yes	-	-
cpe:2.3:o:fedoraproject:fedora:33:::::::*	Yes	-	-
cpe:2.3:o:fedoraproject:fedora:34:::::::*	Yes	-	-
cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:::::*:	Yes	-	-
cpe:2.3:a:oracle:retail_back_office:14.1:::::::*	Yes	-	-
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:::::::*	Yes	-	-
cpe:2.3:a:oracle:retail_order_broker:15.0:::::::*	Yes	-	-
cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*	Yes	-	-
cpe:2.3:a:oracle:retail_returns_management:14.1:::::::	Yes	-	-
cpe:2.3:a:oracle:retail_central_office:14.1:::::::*	Yes	-	-
cpe:2.3:a:oracle:retail_point-of-service:14.1:::::::*	Yes	-	-
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::	Yes	-	-
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::	Yes	-	-
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::	Yes	-	-
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:::	Yes	-	-
cpe:2.3:a:oracle:banking_digital_experience:18.3::::::	Yes	-	-
cpe:2.3:a:oracle:banking_digital_experience:19.1::::::	Yes	-	-
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*	Yes	-	-
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:::	Yes	-	-
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*	Yes	-	-
cpe:2.3:a:oracle:banking_digital_experience:19.2::::::	Yes	-	-
cpe:2.3:a:oracle:banking_digital_experience:20.1::::::	Yes	-	-
cpe:2.3:a:oracle:communications_offline_mediation_controller	Yes	-	-
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*	Yes	-	-
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:::	Yes	-	-
cpe:2.3:a:oracle:communications_application_session_controll	Yes	-	-
cpe:2.3:a:oracle:insurance_policy_administration::::::	Yes	11.0	-
cpe:2.3:a:oracle:retail_order_management_system_cloud_servic	Yes	-	-
cpe:2.3:a:oracle:flexcube_universal_banking::::::::	Yes	14.1.0	-
cpe:2.3:a:oracle:banking_digital_experience:21.1::::::	Yes	-	-
cpe:2.3:a:oracle:banking_apis:19.1:::::::*	Yes	-	-
cpe:2.3:a:oracle:banking_apis:19.2:::::::*	Yes	-	-
cpe:2.3:a:oracle:banking_apis:20.1:::::::*	Yes	-	-
cpe:2.3:a:oracle:banking_apis:21.1:::::::*	Yes	-	-
cpe:2.3:a:oracle:banking_apis:18.3:::::::*	Yes	-	-
cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:::::*	Yes	-	-
cpe:2.3:o:debian:debian_linux:10.0:::::::*	Yes	-	-

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2020-11987

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

CVE-2020-11987

CVE information

Published

Last Modified

CVSSv2.0 Severity

CVSSv3.1 Severity

Impact Analysis

Share

Description

CVSSv2.0 Score

CVSSv3.1 Score

Products Affected

References