CVE-2020-11987

batik: SSRF due to improper input validation by the NodePickerPanel

Severity Score

8.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Apache Batik versión 1.13 es vulnerable a un ataque de tipo server-side request forgery, causada por una comprobación de entrada inapropiada por parte de NodePickerPanel. Al usar un argumento especialmente diseñado, un atacante podría explotar esta vulnerabilidad para causar que el servidor subyacente lleve a cabo peticiones GET arbitrarias

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-04-21 CVE Reserved
2021-02-24 CVE Published
2024-04-27 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-918: Server-Side Request Forgery (SSRF)

CAPEC

References (14)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html	Mailing List

URL	Date	SRC

URL	Date	SRC
https://www.oracle.com//security-alerts/cpujul2021.html	2024-02-01
https://www.oracle.com/security-alerts/cpuApr2021.html	2024-02-01
https://www.oracle.com/security-alerts/cpujan2022.html	2024-02-01
https://www.oracle.com/security-alerts/cpujul2022.html	2024-02-01
https://www.oracle.com/security-alerts/cpuoct2021.html	2024-02-01

URL	Date	SRC
https://lists.apache.org/thread.html/r2877ae10e8be56a3c52d03e373512ddd32f16b863f24c2e22f5a5ba2%40%3Cdev.poi.apache.org%3E	2024-02-01
https://lists.apache.org/thread.html/r588d05a0790b40a0eb81088252e1e8c1efb99706631421f17038eb05%40%3Cdev.poi.apache.org%3E	2024-02-01
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEDID4DAVPECE6O4QQCSIS75BLLBUUAM	2024-02-01
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7EAYO5XIHD6OIEA3HPK64UDDBSLNAC5	2024-02-01
https://security.gentoo.org/glsa/202401-11	2024-02-01
https://xmlgraphics.apache.org/security.html	2024-02-01
https://access.redhat.com/security/cve/CVE-2020-11987	2021-12-14
https://bugzilla.redhat.com/show_bug.cgi?id=1933808	2021-12-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Batik Search vendor "Apache" for product "Batik"				<= 1.13 Search vendor "Apache" for product "Batik" and version " <= 1.13"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				33 Search vendor "Fedoraproject" for product "Fedora" and version "33"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected
Oracle Search vendor "Oracle"		Agile Engineering Data Management Search vendor "Oracle" for product "Agile Engineering Data Management"				6.2.1.0 Search vendor "Oracle" for product "Agile Engineering Data Management" and version "6.2.1.0"		-		Affected
Oracle Search vendor "Oracle"		Banking Apis Search vendor "Oracle" for product "Banking Apis"				18.3 Search vendor "Oracle" for product "Banking Apis" and version "18.3"		-		Affected
Oracle Search vendor "Oracle"		Banking Apis Search vendor "Oracle" for product "Banking Apis"				19.1 Search vendor "Oracle" for product "Banking Apis" and version "19.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Apis Search vendor "Oracle" for product "Banking Apis"				19.2 Search vendor "Oracle" for product "Banking Apis" and version "19.2"		-		Affected
Oracle Search vendor "Oracle"		Banking Apis Search vendor "Oracle" for product "Banking Apis"				20.1 Search vendor "Oracle" for product "Banking Apis" and version "20.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Apis Search vendor "Oracle" for product "Banking Apis"				21.1 Search vendor "Oracle" for product "Banking Apis" and version "21.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Digital Experience Search vendor "Oracle" for product "Banking Digital Experience"				18.3 Search vendor "Oracle" for product "Banking Digital Experience" and version "18.3"		-		Affected
Oracle Search vendor "Oracle"		Banking Digital Experience Search vendor "Oracle" for product "Banking Digital Experience"				19.1 Search vendor "Oracle" for product "Banking Digital Experience" and version "19.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Digital Experience Search vendor "Oracle" for product "Banking Digital Experience"				19.2 Search vendor "Oracle" for product "Banking Digital Experience" and version "19.2"		-		Affected
Oracle Search vendor "Oracle"		Banking Digital Experience Search vendor "Oracle" for product "Banking Digital Experience"				20.1 Search vendor "Oracle" for product "Banking Digital Experience" and version "20.1"		-		Affected
Oracle Search vendor "Oracle"		Banking Digital Experience Search vendor "Oracle" for product "Banking Digital Experience"				21.1 Search vendor "Oracle" for product "Banking Digital Experience" and version "21.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Application Session Controller Search vendor "Oracle" for product "Communications Application Session Controller"				3.9m0p3 Search vendor "Oracle" for product "Communications Application Session Controller" and version "3.9m0p3"		-		Affected
Oracle Search vendor "Oracle"		Communications Metasolv Solution Search vendor "Oracle" for product "Communications Metasolv Solution"				6.3.0 Search vendor "Oracle" for product "Communications Metasolv Solution" and version "6.3.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Metasolv Solution Search vendor "Oracle" for product "Communications Metasolv Solution"				6.3.1 Search vendor "Oracle" for product "Communications Metasolv Solution" and version "6.3.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Offline Mediation Controller Search vendor "Oracle" for product "Communications Offline Mediation Controller"				12.0.0.3.0 Search vendor "Oracle" for product "Communications Offline Mediation Controller" and version "12.0.0.3.0"		-		Affected
Oracle Search vendor "Oracle"		Enterprise Repository Search vendor "Oracle" for product "Enterprise Repository"				11.1.1.7.0 Search vendor "Oracle" for product "Enterprise Repository" and version "11.1.1.7.0"		-		Affected
Oracle Search vendor "Oracle"		Flexcube Universal Banking Search vendor "Oracle" for product "Flexcube Universal Banking"				>= 14.1.0 <= 14.4.0 Search vendor "Oracle" for product "Flexcube Universal Banking" and version " >= 14.1.0 <= 14.4.0"		-		Affected
Oracle Search vendor "Oracle"		Fusion Middleware Mapviewer Search vendor "Oracle" for product "Fusion Middleware Mapviewer"				12.2.1.4.0 Search vendor "Oracle" for product "Fusion Middleware Mapviewer" and version "12.2.1.4.0"		-		Affected
Oracle Search vendor "Oracle"		Instantis Enterprisetrack Search vendor "Oracle" for product "Instantis Enterprisetrack"				17.1 Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.1"		-		Affected
Oracle Search vendor "Oracle"		Instantis Enterprisetrack Search vendor "Oracle" for product "Instantis Enterprisetrack"				17.2 Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.2"		-		Affected
Oracle Search vendor "Oracle"		Instantis Enterprisetrack Search vendor "Oracle" for product "Instantis Enterprisetrack"				17.3 Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.3"		-		Affected
Oracle Search vendor "Oracle"		Insurance Policy Administration Search vendor "Oracle" for product "Insurance Policy Administration"				>= 11.0 <= 11.3.1 Search vendor "Oracle" for product "Insurance Policy Administration" and version " >= 11.0 <= 11.3.1"		-		Affected
Oracle Search vendor "Oracle"		Product Lifecycle Analytics Search vendor "Oracle" for product "Product Lifecycle Analytics"				3.6.1 Search vendor "Oracle" for product "Product Lifecycle Analytics" and version "3.6.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Back Office Search vendor "Oracle" for product "Retail Back Office"				14.1 Search vendor "Oracle" for product "Retail Back Office" and version "14.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Central Office Search vendor "Oracle" for product "Retail Central Office"				14.1 Search vendor "Oracle" for product "Retail Central Office" and version "14.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Order Broker Search vendor "Oracle" for product "Retail Order Broker"				15.0 Search vendor "Oracle" for product "Retail Order Broker" and version "15.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Order Broker Search vendor "Oracle" for product "Retail Order Broker"				16.0 Search vendor "Oracle" for product "Retail Order Broker" and version "16.0"		-		Affected
Oracle Search vendor "Oracle"		Retail Order Management System Cloud Service Search vendor "Oracle" for product "Retail Order Management System Cloud Service"				19.5 Search vendor "Oracle" for product "Retail Order Management System Cloud Service" and version "19.5"		-		Affected
Oracle Search vendor "Oracle"		Retail Point-of-service Search vendor "Oracle" for product "Retail Point-of-service"				14.1 Search vendor "Oracle" for product "Retail Point-of-service" and version "14.1"		-		Affected
Oracle Search vendor "Oracle"		Retail Returns Management Search vendor "Oracle" for product "Retail Returns Management"				14.1 Search vendor "Oracle" for product "Retail Returns Management" and version "14.1"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				12.2.1.3.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.3.0"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				12.2.1.4.0 Search vendor "Oracle" for product "Weblogic Server" and version "12.2.1.4.0"		-		Affected
Oracle Search vendor "Oracle"		Weblogic Server Search vendor "Oracle" for product "Weblogic Server"				14.1.1.0.0 Search vendor "Oracle" for product "Weblogic Server" and version "14.1.1.0.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected