Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
History
01 Feb 2024, 01:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* |
References | | |
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
04 Apr 2022, 13:32
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:* |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
22 Dec 2021, 21:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* |
10 Dec 2021, 18:13
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_officeretail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:* |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
References | | |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2021-02-24 18:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-11987
Mitre link : CVE-2020-11987
CVE.ORG link : CVE-2020-11987
Products Affected
oracle
- banking_digital_experience
- retail_returns_management
- fusion_middleware_mapviewer
- retail_central_office
- retail_order_management_system_cloud_service
- flexcube_universal_banking
- retail_order_broker
- communications_metasolv_solution
- communications_application_session_controller
- retail_point-of-service
- product_lifecycle_analytics
- enterprise_repository
- retail_back_office
- instantis_enterprisetrack
- weblogic_server
- banking_apis
- communications_offline_mediation_controller
- insurance_policy_administration
- agile_engineering_data_management
debian
- debian_linux
apache
- batik
fedoraproject
- fedora