CVE-2020-13936 vulnerability in Apache and Other Products
Published on March 10, 2021
Velocity Sandbox Bypass
An attacker who is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload or modify Velocity templates and that run Apache Velocity Engine versions up to 2.2.
Affected Versions
Apache Software Foundation Apache Velocity Engine: versions <= 2.2 are affected.
Exploit Probability
EPSS: 15.69%
Percentile: 94.55%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.