| Revision Date: | 2023-06-22 | Version: | 1 |
| Title: | CVE-2020-13936 |
| Description: |
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
|
| Family: | unix | Class: | vulnerability |
| Status: | | Reference(s): | Mitre CVE-2020-13936
SUSE CVE-2020-13936
SUSE-SU-2021:0800-1
openSUSE-SU-2021:0447-1
SUSE-SU-2022:3397-1
SUSE-SU-2022:3560-1
|
| Platform(s): | openSUSE Leap 15.2
openSUSE Leap 15.3 SLE Imports
openSUSE Tumbleweed
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Module for Development Tools 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP4
SUSE Linux Enterprise Module for Development Tools 15 SP5
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
| Product(s): | |
| Definition Synopsis |
| openSUSE Leap 15.2 is installed AND Package Information
velocity-1.7-lp152.5.3.1 is installed
AND velocity is signed with openSUSE key
OR
velocity-demo-1.7-lp152.5.3.1 is installed
AND velocity-demo is signed with openSUSE key
OR
velocity-javadoc-1.7-lp152.5.3.1 is installed
AND velocity-javadoc is signed with openSUSE key
OR
velocity-manual-1.7-lp152.5.3.1 is installed
AND velocity-manual is signed with openSUSE key
|
| Definition Synopsis |
| openSUSE Leap 15.3 SLE Imports is installed
AND Package Information
velocity-1.7-3.3.1 is installed
AND velocity is signed with openSUSE key
OR
velocity-demo-1.7-3.3.1 is installed
AND velocity-demo is signed with openSUSE key
OR
velocity-javadoc-1.7-3.3.1 is installed
AND velocity-javadoc is signed with openSUSE key
OR
velocity-manual-1.7-3.3.1 is installed
AND velocity-manual is signed with openSUSE key
|
| Definition Synopsis |
| openSUSE Tumbleweed is installed
AND Package Information
velocity-1.7-9.3 is installed
OR velocity-custom-parser-example-2.2-1.1 is installed
OR velocity-demo-1.7-9.3 is installed
OR velocity-engine-core-2.2-1.1 is installed
OR velocity-engine-examples-2.2-1.1 is installed
OR velocity-engine-javadoc-2.2-1.1 is installed
OR velocity-engine-parent-2.2-1.1 is installed
OR velocity-engine-scripting-2.2-1.1 is installed
OR velocity-javadoc-1.7-9.3 is installed
OR velocity-manual-1.7-9.3 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
AND velocity-1.7-3.3.1 is installed
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
AND velocity-1.7-3.3.1 is installed
OR Package Information
SUSE Linux Enterprise Module for Development Tools 15 SP3 is installed
AND velocity-1.7-3.3.1 is installed
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 15 SP3 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP3 is installed
OR SUSE Linux Enterprise Server 15 SP3 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
OR SUSE Linux Enterprise Storage 7.1 is installed
OR SUSE Manager Proxy 4.2 is installed
OR SUSE Manager Retail Branch Server 4.2 is installed
OR SUSE Manager Server 4.2 is installed
AND velocity-1.7-3.3.1 is installed
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 15 SP2 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP2 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
OR SUSE Linux Enterprise Server 15 SP2 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
OR SUSE Linux Enterprise Storage 7 is installed
OR SUSE Manager Proxy 4.1 is installed
OR SUSE Manager Retail Branch Server 4.1 is installed
OR SUSE Manager Server 4.1 is installed
AND velocity-1.7-3.3.1 is installed
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 15 SP4 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP4 is installed
OR SUSE Linux Enterprise Server 15 SP4 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
OR SUSE Manager Proxy 4.3 is installed
OR SUSE Manager Retail Branch Server 4.3 is installed
OR SUSE Manager Server 4.3 is installed
AND velocity-1.7-3.3.1 is installed
|
| Definition Synopsis |
| Release Information
SUSE Linux Enterprise Desktop 15 SP5 is installed
OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
OR SUSE Linux Enterprise Module for Development Tools 15 SP5 is installed
OR SUSE Linux Enterprise Server 15 SP5 is installed
OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
AND Package Information
snakeyaml-1.33-150200.3.12.4 is installed
OR velocity-1.7-150200.3.7.3 is installed
|