CVE-2020-13936
CVE-2020-13936 is a high-severity vulnerability in Apache Velocity Engine, rated 8.8/10 on the CVSS v3.1 scale. An attacker who can modify Velocity templates can execute arbitrary Java code or run arbitrary system commands with the privileges of the account running the Servlet container. It affects applications that let untrusted users upload or modify Velocity templates and that run Apache Velocity Engine versions up to 2.2. EPSS estimates a 22.71% chance of exploitation in the next 30 days.
Description
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload or modify Velocity templates and that run Apache Velocity Engine versions up to 2.2.
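The description above is the whole security-relevant point: a Velocity template is not data, it is code, and Velocity resolves references by Java reflection, so anyone who controls template text can reach `java.lang.Class` and from there any static method in the JVM. The following Java program is an added illustration, not code from the Velocity project or from this advisory. It contrasts the vulnerable pattern (rendering attacker-supplied template text) with the safer one (a fixed template with user input passed as a context value), and shows `SecureUberspector` as defence in depth. The class name, the `PROBE` string and the `GREETING_TEMPLATE` are constructed for this example; the probe is deliberately benign (it reads a JVM system property instead of running a command). It assumes `velocity-engine-core` 2.x on the classpath.

```java
import java.io.StringWriter;
import java.util.Properties;

import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.runtime.RuntimeConstants;
import org.apache.velocity.util.introspection.SecureUberspector;

/**
 * Added illustration for CVE-2020-13936 (not Velocity project code).
 * Velocity references resolve methods by reflection, and a Class object may be
 * used to call static methods, so a template that reaches java.lang.Class can
 * reach any class in the JVM.
 */
public class VelocityTemplateInjection {

    // Constructed, benign probe: start from a plain String, take its Class,
    // call the static Class.forName(...), then call a static method on the loaded
    // class. A real attacker would load java.lang.Runtime and call exec();
    // this probe only reads a system property.
    static final String PROBE =
        "#set($s = '')$s.class.forName('java.lang.System').getProperty('java.version')";

    // VULNERABLE PATTERN: the template *text* is attacker-controlled, so whatever
    // the user uploads is parsed and executed as Velocity Template Language.
    static String renderUserSuppliedTemplate(VelocityEngine engine, String userTemplate) {
        StringWriter out = new StringWriter();
        engine.evaluate(new VelocityContext(), out, "user-template", userTemplate);
        return out.toString();
    }

    // SAFER PATTERN: the template ships with the application; user input enters
    // only as a context *value*. The value is never parsed as VTL, so any
    // directives or references it contains are emitted as plain text.
    static final String GREETING_TEMPLATE = "Hello, $name!";

    static String renderWithUserData(VelocityEngine engine, String untrustedName) {
        VelocityContext ctx = new VelocityContext();
        ctx.put("name", untrustedName);
        StringWriter out = new StringWriter();
        engine.evaluate(ctx, out, "greeting", GREETING_TEMPLATE);
        return out.toString();
    }

    // Defence in depth: replace the default uberspector with SecureUberspector,
    // which refuses method lookups on java.lang.Class, ClassLoader, Runtime,
    // System and the other entries of the engine's default
    // introspector.restrict.classes / introspector.restrict.packages lists.
    // On Velocity <= 2.2 this is not a fix for CVE-2020-13936 (the advisory says
    // the sandbox can be bypassed); the fix is to upgrade to 2.3 or later.
    static VelocityEngine engineWithSecureUberspector() {
        Properties props = new Properties();
        props.setProperty(RuntimeConstants.UBERSPECT_CLASSNAME, SecureUberspector.class.getName());
        VelocityEngine engine = new VelocityEngine();
        engine.init(props);
        return engine;
    }

    public static void main(String[] args) {
        VelocityEngine defaultEngine = new VelocityEngine();
        defaultEngine.init();

        // 1. Attacker-controlled template, default uberspector: the probe resolves
        //    and renders the JVM version, i.e. static Java methods are reachable.
        System.out.println("vulnerable : " + renderUserSuppliedTemplate(defaultEngine, PROBE));

        // 2. Same probe under SecureUberspector: the forName lookup on
        //    java.lang.Class is refused, so the reference is left unrendered
        //    (or raises an exception if strict reference mode is enabled).
        System.out.println("sandboxed  : " + renderUserSuppliedTemplate(engineWithSecureUberspector(), PROBE));

        // 3. Same probe passed as *data*: it is only a string value and is echoed back.
        System.out.println("as data    : " + renderWithUserData(defaultEngine, PROBE));
    }
}
```

The third case is the real remediation for the class of bug: keep template sources under the application's control and treat user input strictly as context values. The sandbox is a secondary control and, per this advisory, was bypassable in versions up to 2.2, so it does not substitute for upgrading to 2.3 or later.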
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Velocity Engine | < 2.3 |
| Apache | Wss4j | 2.3.1 |
| Debian | Debian Linux | 9.0 |
| Oracle | Banking Deposits And Lines Of Credit Servicing | 2.12.0 |
| Oracle | Banking Enterprise Default Management | >= 2.3.0, <= 2.4.1 |
| Oracle | Banking Enterprise Default Management | 2.6.2 |
| Oracle | Banking Enterprise Default Management | 2.7.1 |
| Oracle | Banking Enterprise Default Management | 2.10.0 |
| Oracle | Banking Enterprise Default Management | 2.12.0 |
| Oracle | Banking Loans Servicing | 2.12.0 |
| Oracle | Banking Party Management | 2.7.0 |
| Oracle | Banking Platform | >= 2.3.0, <= 2.4.1 |
| Oracle | Banking Platform | 2.6.2 |
| Oracle | Banking Platform | 2.7.1 |
| Oracle | Communications Cloud Native Core Policy | 1.14.0 |
| Oracle | Communications Network Integrity | 7.3.6 |
| Oracle | Hospitality Token Proxy Service | 19.2 |
| Oracle | Retail Integration Bus | 19.0.1 |
| Oracle | Retail Order Broker | 16.0 |
| Oracle | Retail Service Backbone | 19.0.1 |
| Oracle | Retail Xstore Office Cloud Service | 16.0.6 |
| Oracle | Retail Xstore Office Cloud Service | 17.0.4 |
| Oracle | Retail Xstore Office Cloud Service | 18.0.3 |
| Oracle | Retail Xstore Office Cloud Service | 19.0.2 |
| Oracle | Retail Xstore Office Cloud Service | 20.0.1 |
| Oracle | Utilities Testing Accelerator | 6.0.0.1.1 |
| Oracle | Utilities Testing Accelerator | 6.0.0.2.2 |
| Oracle | Utilities Testing Accelerator | 6.0.0.3.1 |
References
- http://www.openwall.com/lists/oss-security/2021/03/10/1 (Mailing List, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/03/msg00019.html (Mailing List, Third Party Advisory)
- https://security.gentoo.org/glsa/202107-52 (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuapr2022.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujan2022.html (Patch, Third Party Advisory)
Frequently Asked Questions
What is CVE-2020-13936?
A template sandbox bypass in Apache Velocity Engine versions up to 2.2. An attacker who can upload or modify Velocity templates can execute arbitrary Java code or run arbitrary system commands with the privileges of the account running the Servlet container.
How severe is CVE-2020-13936?
High: CVSS v3.1 base score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). EPSS estimates a 22.71% chance of exploitation in the next 30 days.
How do I fix CVE-2020-13936?
Upgrade Apache Velocity Engine to 2.3 or later (the affected range is < 2.3), apply the vendor patches listed for the Oracle products above, and do not allow untrusted users to upload or modify Velocity templates.
Source: NVD / NIST
