CVE-2020-13936

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 10-03-2021 09:15

Last modified: - 12-05-2022 04:34

Total changes: - 22

Description

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

8.8

Base score

2.8

5.9

Exploitability score

Impact score

Verification logic

vendor=apache AND product=velocity_engine AND versionEndExcluding=2.3

vendor=apache AND product=wss4j AND version=2.3.1

vendor=Debian AND product=debian_linux AND version=9.0

vendor=oracle AND product=retail_order_broker AND version=16.0

vendor=oracle AND product=banking_platform AND version=2.6.2

vendor=oracle AND product=banking_platform AND version=2.7.1

vendor=oracle AND product=communications_network_integrity AND version=7.3.6

vendor=oracle AND product=banking_enterprise_default_management AND version=2.12.0

vendor=oracle AND product=banking_enterprise_default_management AND version=2.10.0

vendor=oracle AND product=banking_party_management AND version=2.7.0

vendor=oracle AND product=utilities_testing_accelerator AND version=6.0.0.2.2

vendor=oracle AND product=utilities_testing_accelerator AND version=6.0.0.3.1

vendor=oracle AND product=utilities_testing_accelerator AND version=6.0.0.1.1

vendor=oracle AND product=banking_deposits_and_lines_of_credit_servicing AND version=2.12.0

vendor=oracle AND product=banking_enterprise_default_management AND versionEndIncluding=2.4.1 AND versionStartIncluding=2.3.0

vendor=oracle AND product=banking_enterprise_default_management AND version=2.6.2

vendor=oracle AND product=banking_enterprise_default_management AND version=2.7.1

vendor=oracle AND product=banking_loans_servicing AND version=2.12.0

vendor=oracle AND product=banking_platform AND versionEndIncluding=2.4.1 AND versionStartIncluding=2.3.0

vendor=oracle AND product=communications_cloud_native_core_policy AND version=1.14.0

vendor=oracle AND product=hospitality_token_proxy_service AND version=19.2

vendor=oracle AND product=retail_integration_bus AND version=19.0.1

vendor=oracle AND product=retail_service_backbone AND version=19.0.1

vendor=oracle AND product=retail_xstore_office_cloud_service AND version=16.0.6

vendor=oracle AND product=retail_xstore_office_cloud_service AND version=17.0.4

vendor=oracle AND product=retail_xstore_office_cloud_service AND version=18.0.3

vendor=oracle AND product=retail_xstore_office_cloud_service AND version=19.0.2

vendor=oracle AND product=retail_xstore_office_cloud_service AND version=20.0.1

Reference

N/A-Mailing List, Vendor Advisory
[velocity-user] 20210310 CVE-2020-13936: Velocity Sandbox Bypass-Mailing List, Vendor Advisory
[velocity-commits] 20210310 [velocity-site] 01/01: CVE announcement-Mailing List, Patch, Vendor Advisory
[announce] 20210310 CVE-2020-13936: Velocity Sandbox Bypass-Mailing List, Vendor Advisory
[oss-security] 20210309 CVE-2020-13936: Velocity Sandbox Bypass-Mailing List, Third Party Advisory
[druid-commits] 20210316 [GitHub] [druid] clintropolis opened a new pull request #11002: suppress CVE check for security fix-Mailing List, Vendor Advisory
[debian-lts-announce] 20210317 [SECURITY] [DLA 2595-1] velocity security update-Mailing List, Third Party Advisory
[ws-dev] 20210318 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
[ws-dev] 20210318 [jira] [Created] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
[ws-dev] 20210319 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
[ws-dev] 20210319 [jira] [Comment Edited] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
[ws-dev] 20210322 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
[santuario-dev] 20210323 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #33: Bump dependency-check-maven from 6.1.2 to 6.1.3-Mailing List, Vendor Advisory
[ws-dev] 20210324 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
[ws-dev] 20210325 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
[ws-dev] 20210325 [jira] [Updated] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
[turbine-commits] 20210329 svn commit: r1888167 - /turbine/core/trunk/pom.html-Mailing List, Patch, Vendor Advisory
[ws-dev] 20210331 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
[ws-dev] 20210401 [jira] [Commented] (WSS-683) WSS4J depends on Velocity 1.7 which contains a security vulnerability (CVE-2020-13936)-Mailing List, Vendor Advisory
GLSA-202107-52-Third Party Advisory
[activemq-users] 20210830 Security issues-Mailing List, Vendor Advisory
[activemq-users] 20210831 RE: Security issues-Mailing List, Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html

Keywords

CVE-2020-13936

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-13936

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures