CVE-2020-13936

Published Mar 10, 2021

Last updated a year ago

CVSS high 8.8

Overview

Description: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:velocity_engine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE517B12-7101-4325-9037-A0839126C725",
            "versionEndExcluding": "2.3"
          },
          {
            "criteria": "cpe:2.3:a:apache:wss4j:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F17078E-4D83-49E7-99CE-5174C073DD68"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F834ACC-D65B-4CA3-91F1-415CBC6077E2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0445461D-21F4-4744-91E3-A92C673E947D",
            "versionEndIncluding": "2.4.1",
            "versionStartIncluding": "2.3.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "473749BD-267E-480F-8E7F-C762702DB66E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E502A46-BAF4-4558-BC8F-9F014A2FB26A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D0F559E-0790-461B-ACED-5B00F4D40893",
            "versionEndIncluding": "2.4.1",
            "versionStartIncluding": "2.3.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175"
          },
          {
            "criteria": "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7D45E2D-241B-4839-B255-A81107BF94BF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_office_cloud_service:16.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DEDDCE7-7763-4F8B-AB25-EC3D8899303A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_office_cloud_service:17.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45F95965-9958-4F05-819D-C59FAE2E1D4E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_office_cloud_service:18.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7E4D2EE-7439-4958-9503-9A3974DC86D0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_office_cloud_service:19.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8F03331-16D3-440F-9577-D2A7835F7638"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_office_cloud_service:20.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E6216CE-BB56-4996-B6C1-D461EEFD496E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5B4C338-11E1-4235-9D5A-960B2711AC39"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C93F84E-9680-44EF-8656-D27440B51698"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References