Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
CVE-2020-11987
CVE information
Impact Analysis
Description
Apache Batik 1.13 is vulnerable to server-side request forgery (SSRF), caused by improper input validation in the NodePickerPanel. By supplying a specially crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
CVSSv2.0 Score
Metric | Value |
---|---|
Severity | Medium |
Base Score | 6.4/10 |
Exploit Score | 10/10 |
Access Vector | Network |
Access Complexity | Low |
Authentication Required | None |
Impact Score | 4.9/10 |
Confidentiality Impact | Partial |
Availability Impact | None |
Integrity Impact | Partial |
CVSSv3.1 Score
Metric | Value |
---|---|
Severity | High |
Base Score | 8.2/10 |
Exploit Score | 3.9/10 |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
Impact Score | 4.2/10 |
Confidentiality Impact | High |
Availability Impact | None |
Integrity Impact | Low |
Scope | Unchanged |
User Interaction | None |
Products Affected
CPE | Affected | Vulnerable | Excluding |
---|---|---|---|
cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*: | Yes | - | - |
cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*: | Yes | - | - |
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:communications_offline_mediation_controller | Yes | - | - |
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:* | Yes | - | - |
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*: | Yes | - | - |
cpe:2.3:a:oracle:communications_application_session_controll | Yes | - | - |
cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:* | Yes | 11.0 | - |
cpe:2.3:a:oracle:retail_order_management_system_cloud_servic | Yes | - | - |
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* | Yes | 14.1.0 | - |
cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | Yes | - | - |
References
- https://xmlgraphics.apache.org/security.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html
- https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f170
- https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://security.gentoo.org/glsa/202401-11