ID CVE-2020-11987
Summary Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
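The record's CWE-918 classification describes the general failure: a user-controlled URL is passed to the server's own HTTP client without checking where it points. The guard below is an added example of the check a server should apply before fetching any user-supplied URL; it is written in Python to illustrate the pattern and is not Batik's code or its fix. The resolver table and the allow-list are constructed so the example runs offline; in production the host is resolved with the real resolver and the connection is made to the address that was checked, not to a second lookup.

```python
"""Outbound-URL guard against server-side request forgery (CWE-918).
Added illustration, not code from Apache Batik."""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed resolver table so the example runs offline. 8.8.8.8 stands in
# for "some public address"; the other two show the cases an SSRF guard must
# refuse: an RFC 1918 host and the cloud metadata link-local address.
FAKE_DNS: Dict[str, List[str]] = {
    "cdn.example.com": ["8.8.8.8"],
    "internal.example.com": ["10.0.0.5"],
    "metadata.example.com": ["169.254.169.254"],
}

ALLOWED_SCHEMES = {"http", "https"}


def fake_resolve(host: str) -> List[str]:
    """Return the addresses for host; IP literals resolve to themselves."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host.lower(), [])


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses.
    is_global already rejects loopback, private, link-local (so 169.254.169.254),
    unspecified and reserved ranges; multicast is excluded explicitly."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def check_outbound_url(url: str,
                       allowed_hosts: Optional[Set[str]] = None,
                       resolve=fake_resolve) -> Tuple[bool, str]:
    """Return (ok, reason). ok is True only if the scheme is allowed, the host
    is on the allow-list (when one is given) and every address it resolves to
    is public. The caller must connect to the checked addresses, not re-resolve."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    if allowed_hosts is not None and host.lower() not in allowed_hosts:
        return False, f"host {host!r} not on allow-list"
    addrs = resolve(host)
    if not addrs:
        return False, f"host {host!r} does not resolve"
    for ip in addrs:
        if not is_public_address(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://cdn.example.com/logo.svg",
                      "http://metadata.example.com/latest/",
                      "http://127.0.0.1:8080/",
                      "file:///etc/passwd"):
        print(candidate, "->", check_outbound_url(candidate))
```

The resolve-then-check order matters: checking only the hostname string lets an attacker-controlled DNS name point at an internal address, and resolving a second time for the actual connection reopens the same hole through DNS rebinding.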
References
Vulnerable Configurations
  • cpe:2.3:a:apache:batik:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1:rc4:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta4:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta4b:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5:beta5:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.5.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.7:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:batik:1.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_order_management_system_cloud_service:19.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_universal_banking:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_universal_banking:14.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_universal_banking:14.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_universal_banking:14.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
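The Batik entries above run from the unversioned CPE through 1.13, which is what a dependency audit needs to match against. The script below is an added example, not part of this record or of Apache Batik, that flags affected Batik artifacts in `mvn dependency:list` output. It assumes the Maven group `org.apache.xmlgraphics` with artifactIds beginning `batik-` (Batik's published coordinates), treats every version up to and including 1.13 as affected because that is where this record's list ends, and drops pre-release tags so a beta or rc of an affected release is still caught. The dependency lines are constructed sample input.

```python
"""Flag Apache Batik versions listed as affected by this record in Maven
dependency output. Added illustration, not part of the record or of Batik."""
import re
from typing import List, Tuple

# Highest Batik version in the record's affected list; everything up to and
# including it is treated as affected. Versions above it are not listed.
MAX_AFFECTED = (1, 13)

# Assumed Maven coordinates for Batik artifacts.
BATIK_GROUP = "org.apache.xmlgraphics"

# One line of `mvn dependency:list` output, e.g.
#   [INFO]    org.apache.xmlgraphics:batik-swing:jar:1.13:compile
# (artifacts with a classifier have an extra field and are not handled here).
DEP_LINE = re.compile(
    r"^\[INFO\]\s+(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>[\w\-]+):"
    r"(?P<version>[^:\s]+):(?P<scope>\w+)\s*$"
)


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.13' -> (1, 13); '1.5-beta4b' -> (1, 5). Pre-release suffixes are
    dropped so a beta or rc of an affected release compares as that release."""
    m = re.match(r"^\d+(?:\.\d+)*", v)
    if not m:
        raise ValueError(f"unparseable version {v!r}")
    return tuple(int(x) for x in m.group(0).split("."))


def is_affected_batik(group: str, artifact: str, version: str) -> bool:
    """True for a Batik artifact whose version is within the record's list."""
    if group != BATIK_GROUP or not artifact.startswith("batik"):
        return False
    return parse_version(version) <= MAX_AFFECTED


def audit(lines: List[str]) -> List[str]:
    """Return 'group:artifact:version' for every affected Batik dependency."""
    hits = []
    for line in lines:
        m = DEP_LINE.match(line)
        if m and is_affected_batik(m["group"], m["artifact"], m["version"]):
            hits.append(f"{m['group']}:{m['artifact']}:{m['version']}")
    return hits


# Constructed sample of `mvn dependency:list` output.
SAMPLE = """
[INFO] The following files have been resolved:
[INFO]    org.apache.xmlgraphics:batik-swing:jar:1.13:compile
[INFO]    org.apache.xmlgraphics:batik-transcoder:jar:1.14:compile
[INFO]    org.apache.xmlgraphics:xmlgraphics-commons:jar:2.4:compile
[INFO]    org.apache.xmlgraphics:batik-all:jar:1.9.1:compile
""".strip().splitlines()

if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("affected:", hit)
```

Run it as `mvn dependency:list | python audit.py` after swapping SAMPLE for `sys.stdin`; a transitive Batik dependency pulled in by one of the Oracle products listed above shows up the same way as a direct one.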
CVSS
Base: 6.4 (as of 01-02-2024 - 01:24)
Impact: 4.9
Exploitability: 10.0
CWE: CWE-918 (Server-Side Request Forgery)
CAPEC:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: NONE
cvss-vector (via4): AV:N/AC:L/Au:N/C:P/I:P/A:N
Last major update: 01-02-2024 - 01:24
Published: 24-02-2021 - 18:15
Last modified: 01-02-2024 - 18:15