CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST transforming annotation such as @Grab.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.069

EPSS Ranking 90.8%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 9.0

References

https://tvrbk.github.io/cve/2021/03/09/brXM.html
https://tvrbk.github.io/cve/2021/03/09/brXM.html

Products affected by CVE-2020-14987

Bloomreach » Experience Manager » Version: 14.1.0

cpe:2.3:a:bloomreach:experience_manager:14.1.0
Bloomreach » Experience Manager » Version: 14.1.1

cpe:2.3:a:bloomreach:experience_manager:14.1.1
Bloomreach » Experience Manager » Version: 14.2.1

cpe:2.3:a:bloomreach:experience_manager:14.2.1
Bloomreach » Experience Manager » Version: 14.2.2

cpe:2.3:a:bloomreach:experience_manager:14.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-14987

Products

Pricing

Contact Us