CVE-2020-11987 - Server-Side Request Forgery (SSRF) vulnerability in multiple products

CVSS 8.2 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: LOW
Availability impact: NONE

Summary

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

Vulnerable Configurations

Part         Description    Count
Application  Apache         27
Application  Oracle         43
OS           Fedoraproject  2
OS           Debian         1

Common Weakness Enumeration (CWE)

References