CVE-2020-17521

Published: Dic 07, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-1505 Aliases: GHSA-rcjj-h6gh-jf3r
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
LOW 2,1
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0179
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

Application

Communications Services Gatekeeper by Oracle

Product Information
Vendor Oracle
Product Communications Services Gatekeeper
Version 7.0
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Brm - Elastic Charging Engine by Oracle

Product Information
Vendor Oracle
Product Communications Brm - Elastic Charging Engine
Version 12.0.0.3
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version Range Affected
From 17.7 (inclusive)
To 17.12 (inclusive)
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Brm - Elastic Charging Engine by Oracle

Product Information
Vendor Oracle
Product Communications Brm - Elastic Charging Engine
Version 11.3.0.9.0
cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version 19.12
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Store Inventory Management by Oracle

Product Information
Vendor Oracle
Product Retail Store Inventory Management
Version 16.0.3.5
cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version 18.8
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Bulk Data Integration by Oracle

Product Information
Vendor Oracle
Product Retail Bulk Data Integration
Version 15.0.3.0
cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Store Inventory Management by Oracle

Product Information
Vendor Oracle
Product Retail Store Inventory Management
Version 14.1.3.10
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Bulk Data Integration by Oracle

Product Information
Vendor Oracle
Product Retail Bulk Data Integration
Version 16.0.3.0
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version 20.12
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Atlas by Apache

Product Information
Vendor Apache
Product Atlas
Version 2.1.0
cpe:2.3:a:apache:atlas:2.1.0:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Groovy by Apache

Product Information
Vendor Apache
Product Groovy
Version Range Affected
From 2.0.0 (inclusive)
To 2.4.20 (inclusive)
cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Diameter Signaling Router by Oracle

Product Information
Vendor Oracle
Product Communications Diameter Signaling Router
Version 8.4.0.0
cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Ilearning by Oracle

Product Information
Vendor Oracle
Product Ilearning
Version 6.3
cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Agile Engineering Data Management by Oracle

Product Information
Vendor Oracle
Product Agile Engineering Data Management
Version 6.2.1.0
cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version 16.2
cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Gateway by Oracle

Product Information
Vendor Oracle
Product Primavera Gateway
Version Range Affected
From 17.12.0 (inclusive)
To 17.12.10 (inclusive)
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Insurance Policy Administration by Oracle

Product Information
Vendor Oracle
Product Insurance Policy Administration
Version Range Affected
From 11.0 (inclusive)
To 11.3.1 (inclusive)
cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Hospitality Opera 5 by Oracle

Product Information
Vendor Oracle
Product Hospitality Opera 5
Version 5.6
cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Evolved Communications Application Server by Oracle

Product Information
Vendor Oracle
Product Communications Evolved Communications Application Server
Version 7.1
cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Groovy by Apache

Product Information
Vendor Apache
Product Groovy
Version 4.0.0
cpe:2.3:a:apache:groovy:4.0.0:alpha1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Store Inventory Management by Oracle

Product Information
Vendor Oracle
Product Retail Store Inventory Management
Version 15.0.3.5
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.5:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Groovy by Apache

Product Information
Vendor Apache
Product Groovy
Version Range Affected
From 3.0.0 (inclusive)
To 3.0.6 (inclusive)
cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Agile Plm Mcad Connector by Oracle

Product Information
Vendor Oracle
Product Agile Plm Mcad Connector
Version 3.6
cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Services Gatekeeper by Oracle

Product Information
Vendor Oracle
Product Communications Services Gatekeeper
Version 6.0
cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Snapcenter by Netapp

Product Information
Vendor Netapp
Product Snapcenter
Version -
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Groovy by Apache

Product Information
Vendor Apache
Product Groovy
Version Range Affected
From 2.5.0 (inclusive)
To 2.5.13 (inclusive)
cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Agile Plm by Oracle

Product Information
Vendor Oracle
Product Agile Plm
Version 9.3.6
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Agile Plm Mcad Connector by Oracle

Product Information
Vendor Oracle
Product Agile Plm Mcad Connector
Version 3.4
cpe:2.3:a:oracle:agile_plm_mcad_connector:3.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jd Edwards Enterpriseone Orchestrator by Oracle

Product Information
Vendor Oracle
Product Jd Edwards Enterpriseone Orchestrator
Version 9.2.6.0
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.6.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Agile Plm by Oracle

Product Information
Vendor Oracle
Product Agile Plm
Version 9.3.3
cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Ilearning by Oracle

Product Information
Vendor Oracle
Product Ilearning
Version 6.2
cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version 16.1
cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Process Management Suite by Oracle

Product Information
Vendor Oracle
Product Business Process Management Suite
Version 12.2.1.4.0
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Healthcare Data Repository by Oracle

Product Information
Vendor Oracle
Product Healthcare Data Repository
Version 7.0.2
cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Business Process Management Suite by Oracle

Product Information
Vendor Oracle
Product Business Process Management Suite
Version 12.2.1.3.0
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Communications Services Gatekeeper by Oracle

Product Information
Vendor Oracle
Product Communications Services Gatekeeper
Version 6.1
cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Retail Merchandising System by Oracle

Product Information
Vendor Oracle
Product Retail Merchandising System
Version 16.0.3
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://groovy-lang.org/security.html#CVE-2020-17521
Third Party Advisory
https://groovy-lang.org/security.html#CVE-2020-17521
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7…
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc103…
https://lists.apache.org/thread.html/ra9dab34bf8625511f2369…
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aa…
https://lists.apache.org/thread.html/rea63a4666ba245d289247…
https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f…
https://security.netapp.com/advisory/ntap-20201218-0006/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20201218-0006/
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
https://groovy-lang.org/security.html#CVE-2020-17521
Third Party Advisory
https://groovy-lang.org/security.html#CVE-2020-17521
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7…
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc103…
https://lists.apache.org/thread.html/ra9dab34bf8625511f2369…
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aa…
https://lists.apache.org/thread.html/rea63a4666ba245d289247…
https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f…
https://security.netapp.com/advisory/ntap-20201218-0006/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20201218-0006/
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
Patch Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujul2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html