Summaryinfo

A vulnerability was found in Oracle Retail Order Broker 15.0/16.0. It has been classified as critical. Affected is an unknown function of the component Apache Batik. This manipulation causes an unknown weakness. This vulnerability appears as CVE-2020-11987. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in Oracle Retail Order Broker 15.0/16.0. It has been declared as critical. Affected by this vulnerability is an unknown code block of the component Apache Batik. The CWE definition for the vulnerability is CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. As an impact it is known to affect integrity.

The weakness was presented 07/20/2021 as Oracle Critical Patch Update Advisory - July 2021. The advisory is shared at oracle.com. This vulnerability is known as CVE-2020-11987. Neither technical details nor an exploit are publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 242417 (Debian dla-4243 : libbatik-java - security update), which helps to determine the existence of the flaw in a target environment.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (242417). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• Oracle

Name

• Retail Order Broker

Version

• 15.0
• 16.0

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion