CVE-2020-13936
Published: 10 March 2021
Summary
CVE-2020-13936 is a high-severity vulnerability, of an unspecified weakness type, in Oracle Banking Enterprise Default Management. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 5.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-0461
Vulnerability details
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.