CVE-2020-13936

high-risk

Published 2021-03-10

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

Do I need to act?

16.4% chance of exploitation in next 30 days

EPSS score — higher than 84% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Velocity Engine

Wss4J

Debian Linux

Banking Deposits And Lines Of Credit Servicing

Banking Enterprise Default Management

Banking Loans Servicing

Banking Party Management

Banking Platform

Communications Cloud Native Core Policy

Communications Network Integrity

Hospitality Token Proxy Service

Retail Integration Bus

Retail Order Broker

Retail Service Backbone

Affected Vendors

Debian Apache Oracle

References (48)

Mailing List http://www.openwall.com/lists/oss-security/2021/03/10/1

Mailing List https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a65024...

https://lists.apache.org/thread.html/r0bc98e9cd080b4a13b905c571b9bed87e1a0878d44...

https://lists.apache.org/thread.html/r17cb932fab14801b14e5b97a7f05192f4f366ef260...

https://lists.apache.org/thread.html/r293284c6806c73f51098001ea86a14271c39f72cd7...

https://lists.apache.org/thread.html/r39de20c7e9c808b1f96790875d33e58c9c0aabb44f...

https://lists.apache.org/thread.html/r3ea4c4c908505b20a4c268330dfe7188b90c84dcf7...

https://lists.apache.org/thread.html/r4cd59453b65d4ac290fcb3b71fdf32b4f1f8989025...

https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef6359630...

https://lists.apache.org/thread.html/r7f209b837217d2a0fe5977fb692e7f15d37fa5de82...

https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56...

https://lists.apache.org/thread.html/rb042f3b0090e419cc9f5a3d32cf0baff283ccd6fcb...

https://lists.apache.org/thread.html/rbee7270556f4172322936b5ecc9fabf0c09f00d4fa...

https://lists.apache.org/thread.html/rd2a89e17e8a9b451ce655f1a34117752ea1d18a22c...

https://lists.apache.org/thread.html/rd7e865c87f9043c21d9c1fd9d4df866061d9a08cfc...

https://lists.apache.org/thread.html/re641197d204765130618086238c73dd2ce5a3f94b3...

https://lists.apache.org/thread.html/re8e7482fe54d289fc0229e61cc64947b63b12c3c31...

https://lists.apache.org/thread.html/reab5978b54a9f4c078402161e30a89c42807b19881...

https://lists.apache.org/thread.html/rf7d369de88dc88a1347006a3323b3746d849234db4...

and 28 more references

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 13/34 · Low

Exposure 22/34 · High