CVE-2020-17521
Description
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy’s implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
General Information
Vendors
- apache
- netapp
- oracle
Products
- agile engineering data management 6.2.1.0
- agile plm 9.3.3
- agile plm 9.3.6
- agile plm mcad connector 3.4
- agile plm mcad connector 3.6
- atlas 2.1.0
- business process management suite 12.2.1.3.0
- business process management suite 12.2.1.4.0
- communications brm - elastic charging engine 11.3.0.9.0
- communications brm - elastic charging engine 12.0.0.3
- communications diameter signaling router 8.4.0.0
- communications evolved communications application server 7.1
- communications services gatekeeper 6.0
- communications services gatekeeper 6.1
- communications services gatekeeper 7.0
- groovy
- groovy 4.0.0
- healthcare data repository 7.0.2
- hospitality opera 5 5.6
- ilearning 6.2
- ilearning 6.3
- insurance policy administration
- jd edwards enterpriseone orchestrator 9.2.6.0
- primavera gateway
- primavera unifier
- primavera unifier 16.1
- primavera unifier 16.2
- primavera unifier 18.8
- primavera unifier 19.12
- primavera unifier 20.12
- retail bulk data integration 15.0.3.0
- retail bulk data integration 16.0.3.0
- retail merchandising system 16.0.3
- retail store inventory management 14.1.3.10
- retail store inventory management 15.0.3.5
- retail store inventory management 16.0.3.5
- snapcenter -