Vulnerability Monitor

CVE-2020-17521


Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.


Published

2020-12-07T20:15:12.633

Last Modified

2024-11-21T05:08:16.887

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | groovy | ≤ 2.4.20 | Yes |
| Application | apache | groovy | ≤ 2.5.13 | Yes |
| Application | apache | groovy | ≤ 3.0.6 | Yes |
| Application | apache | groovy | 4.0.0 | Yes |
| Application | netapp | snapcenter | - | Yes |
| Application | oracle | agile_engineering_data_management | 6.2.1.0 | Yes |
| Application | oracle | agile_plm | 9.3.3 | Yes |
| Application | oracle | agile_plm | 9.3.6 | Yes |
| Application | oracle | agile_plm_mcad_connector | 3.4 | Yes |
| Application | oracle | agile_plm_mcad_connector | 3.6 | Yes |
| Application | oracle | business_process_management_suite | 12.2.1.3.0 | Yes |
| Application | oracle | business_process_management_suite | 12.2.1.4.0 | Yes |
| Application | oracle | communications_brm_-_elastic_charging_engine | 11.3.0.9.0 | Yes |
| Application | oracle | communications_brm_-_elastic_charging_engine | 12.0.0.3 | Yes |
| Application | oracle | communications_diameter_signaling_router | 8.4.0.0 | Yes |
| Application | oracle | communications_evolved_communications_application_server | 7.1 | Yes |
| Application | oracle | communications_services_gatekeeper | 6.0 | Yes |
| Application | oracle | communications_services_gatekeeper | 6.1 | Yes |
| Application | oracle | communications_services_gatekeeper | 7.0 | Yes |
| Application | oracle | healthcare_data_repository | 7.0.2 | Yes |
| Application | oracle | hospitality_opera_5 | 5.6 | Yes |
| Application | oracle | ilearning | 6.2 | Yes |
| Application | oracle | ilearning | 6.3 | Yes |
| Application | oracle | insurance_policy_administration | ≤ 11.3.1 | Yes |
| Application | oracle | jd_edwards_enterpriseone_orchestrator | 9.2.6.0 | Yes |
| Application | oracle | primavera_gateway | ≤ 17.12.10 | Yes |
| Application | oracle | primavera_unifier | ≤ 17.12 | Yes |
| Application | oracle | primavera_unifier | 16.1 | Yes |
| Application | oracle | primavera_unifier | 16.2 | Yes |
| Application | oracle | primavera_unifier | 18.8 | Yes |
| Application | oracle | primavera_unifier | 19.12 | Yes |
| Application | oracle | primavera_unifier | 20.12 | Yes |
| Application | oracle | retail_bulk_data_integration | 15.0.3.0 | Yes |
| Application | oracle | retail_bulk_data_integration | 16.0.3.0 | Yes |
| Application | oracle | retail_merchandising_system | 16.0.3 | Yes |
| Application | oracle | retail_store_inventory_management | 14.1.3.10 | Yes |
| Application | oracle | retail_store_inventory_management | 15.0.3.5 | Yes |
| Application | oracle | retail_store_inventory_management | 16.0.3.5 | Yes |
| Application | apache | atlas | 2.1.0 | Yes |

References