Unrated severityNVD Advisory· Published Mar 11, 2021· Updated Aug 4, 2024
CVE-2020-14987
CVE-2020-14987
Description
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST transforming annotation such as @Grab.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Bloomreach/Experience Managerdescription
- Range: >=4.1.0 <=14.2.2
Patches
Vulnerability mechanics
References
1- tvrbk.github.io/cve/2021/03/09/brXM.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.