Vulnerability Name: CVE-2020-11987 (CCN-197372)
Assigned: 2020-04-21
Published: 2021-02-24
Updated: 2022-07-25

Summary: Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

CVSS v3 Severity:
  8.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
  7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C)
  Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): High; Integrity (I): Low; Availability (A): None

  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
  4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
  Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): None; Integrity (I): Low; Availability (A): None

CVSS v2 Severity:
  6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
  Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): None

  5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
  Impact Metrics: Confidentiality (C): None; Integrity (I): Partial; Availability (A): None
Vulnerability Type: CWE-20, CWE-918
Vulnerability Consequences: Gain Access

References:
  Source: MITRE; Type: CNA; CVE-2020-11987
  Source: XF; Type: UNKNOWN; apache-cve202011987-ssrf(197372)
  Source: MLIST; Type: Mailing List, Vendor Advisory; [poi-dev] 20210308 [Bug 65166] Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)
  Source: MLIST; Type: Mailing List, Vendor Advisory; [poi-dev] 20210304 [Bug 65166] New: Apache Batik 1.13 vulnerabilities (CVE-2020-11987, CVE-2020-11988)
  Source: FEDORA; Type: Mailing List, Third Party Advisory; FEDORA-2021-33a1b73e48
  Source: FEDORA; Type: Mailing List, Third Party Advisory; FEDORA-2021-65ff5f10e2
  Source: CCN; Type: oss-sec Mailing List, Wed, 24 Feb 2021 12:01:06 -0000; [CVE-2020-11987] Apache XML Graphics Batik SSRF vulnerability
  Source: CCN; Type: IBM Security Bulletin 6474843 (QRadar SIEM); IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
  Source: CCN; Type: IBM Security Bulletin 6616275 (TRIRIGA Application Platform); IBM TRIRIGA Application Platform discloses CVE-2020-11987
  Source: CCN; Type: IBM Security Bulletin 6852611 (Tivoli Network Manager); Multiple Vulnerabilities discovered in libraries used by TCRtoolkit in ITNM
  Source: CCN; Type: Oracle Critical Patch Update Advisory - April 2021; Oracle Critical Patch Update Advisory - April 2021
  Source: MISC; Type: Patch, Third Party Advisory; https://www.oracle.com/security-alerts/cpuApr2021.html
  Source: CCN; Type: Oracle CPUJan2022; Oracle Critical Patch Update Advisory - January 2022
  Source: MISC; Type: Patch, Third Party Advisory; https://www.oracle.com/security-alerts/cpujan2022.html
  Source: CCN; Type: Oracle CPUJul2021; Oracle Critical Patch Update Advisory - July 2021
  Source: CCN; Type: Oracle CPUJul2022; Oracle Critical Patch Update Advisory - July 2022
  Source: CCN; Type: Oracle CPUOct2021; Oracle Critical Patch Update Advisory - October 2021
  Source: MISC; Type: Patch, Third Party Advisory; https://www.oracle.com/security-alerts/cpuoct2021.html
  Source: CCN; Type: WhiteSource Vulnerability Database; CVE-2020-11987
  Source: CCN; Type: Apache Web site; Apache XML Graphics Batik
  Source: MISC; Type: Release Notes, Vendor Advisory; https://xmlgraphics.apache.org/security.html

Vulnerable Configuration:

Configuration 1:
  cpe:/a:apache:batik:*:*:*:*:*:*:*:* (Version <= 1.13)

Configuration 2 (any of the following):
  cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 (any of the following):
  cpe:/a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  cpe:/a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
  cpe:/a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
  cpe:/a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
  cpe:/a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*
  cpe:/a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  cpe:/a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  cpe:/a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
  cpe:/a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  cpe:/a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  cpe:/a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
  cpe:/a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
  cpe:/a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*
  cpe:/a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:* (Version >= 11.0 and <= 11.3.1)
  cpe:/a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:*
  cpe:/a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* (Version >= 14.1.0 and <= 14.4.0)
  cpe:/a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*
  cpe:/a:oracle:banking_apis:19.1:*:*:*:*:*:*:*
  cpe:/a:oracle:banking_apis:19.2:*:*:*:*:*:*:*
  cpe:/a:oracle:banking_apis:20.1:*:*:*:*:*:*:*
  cpe:/a:oracle:banking_apis:21.1:*:*:*:*:*:*:*
  cpe:/a:oracle:banking_apis:18.3:*:*:*:*:*:*:*

Configuration CCN 1 (any of the following):
  cpe:/a:ibm:tririga_application_platform:2.7:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:*
  cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  cpe:/a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*
  cpe:/a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
  cpe:/a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
  cpe:/a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*
  cpe:/a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  cpe:/a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
  cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:*
  cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*
  cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*
  cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:p8:*:*:*:*:*:*

Affected products (vendor, product, version):
apache batik *
fedoraproject fedora 33
fedoraproject fedora 34
oracle enterprise repository 11.1.1.7.0
oracle retail back office 14.1
oracle retail order broker 15.0
oracle retail order broker 16.0
oracle retail returns management 14.1
oracle retail central office 14.1
oracle retail point-of-service 14.1
oracle instantis enterprisetrack 17.1
oracle instantis enterprisetrack 17.2
oracle instantis enterprisetrack 17.3
oracle communications metasolv solution 6.3.0
oracle banking digital experience 18.3
oracle banking digital experience 19.1
oracle fusion middleware mapviewer 12.2.1.4.0
oracle banking digital experience 19.2
oracle banking digital experience 20.1
oracle communications offline mediation controller 12.0.0.3.0
oracle communications metasolv solution 6.3.1
oracle communications application session controller 3.9m0p3
oracle insurance policy administration *
oracle retail order management system cloud service 19.5
oracle flexcube universal banking *
oracle banking digital experience 21.1
oracle banking apis 19.1
oracle banking apis 19.2
oracle banking apis 20.1
oracle banking apis 21.1
oracle banking apis 18.3
ibm tririga application platform 2.7
oracle retail point-of-service 14.1
oracle retail order broker cloud service 15.0
oracle retail order broker cloud service 16.0
oracle weblogic server 12.2.1.3.0
oracle retail back office 14.1
oracle retail returns management 14.1
oracle enterprise repository 11.1.1.7.0
oracle instantis enterprisetrack 17.1
oracle instantis enterprisetrack 17.2
oracle communications metasolv solution 6.3.0
oracle retail central office 14.1
oracle instantis enterprisetrack 17.3
ibm qradar security information and event manager 7.3.0
ibm qradar security information and event manager 7.4.0
ibm qradar security information and event manager 7.4.3 -
ibm qradar security information and event manager 7.3.3 p8