What is CVE-2020-17521?

CVE-2020-17521 is a medium-severity vulnerability in Apache Atlas. CVSS score: 5.5/10. Published 2020-12-07.

How severe is CVE-2020-17521?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Vulnerability in Apache Atlas

CVE-2020-17521

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on so…

EPSS: 0.011 (59.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Apache Atlas — versions 2.1.0
Apache Groovy — versions 4.0.0
Apache Software Foundation Groovy — versions 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6
Netapp Snapcenter
Oracle Agile_engineering_data_management — versions 6.2.1.0
Oracle Agile_plm — versions 9.3.3, 9.3.6
Oracle Agile_plm_mcad_connector — versions 3.4, 3.6
Oracle Business_process_management_suite — versions 12.2.1.3.0, 12.2.1.4.0
Oracle Communications_brm_-_elastic_charging_engine — versions 11.3.0.9.0, 12.0.0.3
Oracle Communications_diameter_signaling_router — versions 8.4.0.0

References

security@apache.org (x_refsource_CONFIRM, Third Party Advisory)
security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (Patch, Third Party Advisory, x_refsource_MISC)
security@apache.org (x_refsource_CONFIRM, Third Party Advisory)
security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (mailing-list, x_refsource_MLIST)
security@apache.org (Patch, Third Party Advisory, x_refsource_MISC)
security@apache.org (Patch, Third Party Advisory, x_refsource_MISC)
security@apache.org (Patch, Third Party Advisory, x_refsource_MISC)
security@apache.org (Patch, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2020-17521?: CVE-2020-17521 is a medium-severity vulnerability in Apache Atlas. CVSS score: 5.5/10. Published 2020-12-07.
How severe is CVE-2020-17521?: Medium severity. CVSS v3 base score is 5.5 out of 10.