Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
History
21 Nov 2024, 04:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E - Mailing List, Vendor Advisory | |
References | () https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E - Mailing List, Vendor Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5/ - Mailing List, Third Party Advisory | |
References | () https://security.gentoo.org/glsa/202401-11 - Third Party Advisory | |
References | () https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | () https://xmlgraphics.apache.org/security.html - Release Notes, Vendor Advisory |
01 Feb 2024, 01:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* |
References |
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
04 Apr 2022, 13:32
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:* |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
22 Dec 2021, 21:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* |
10 Dec 2021, 18:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_central_officeretail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:* |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
References |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
Information
Published : 2021-02-24 18:15
Updated : 2024-11-21 04:59
NVD link : CVE-2020-11987
Mitre link : CVE-2020-11987
CVE.ORG link : CVE-2020-11987
Products Affected
oracle
- agile_engineering_data_management
- communications_application_session_controller
- product_lifecycle_analytics
- retail_point-of-service
- communications_metasolv_solution
- banking_digital_experience
- retail_back_office
- retail_central_office
- communications_offline_mediation_controller
- banking_apis
- weblogic_server
- retail_order_management_system_cloud_service
- insurance_policy_administration
- retail_returns_management
- fusion_middleware_mapviewer
- instantis_enterprisetrack
- enterprise_repository
- flexcube_universal_banking
- retail_order_broker
fedoraproject
- fedora
debian
- debian_linux
apache
- batik