Vulnerability Description
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dotcms | Dotcms | < 5.1.0 |
Related Weaknesses (CWE)
References
- https://cwe.mitre.org/data/definitions/284.htmlThird Party Advisory
- https://dotcms.com/security/SI-51Vendor Advisory
- https://github.com/dotCMS/core/issues/15882Issue TrackingThird Party Advisory
- https://cwe.mitre.org/data/definitions/284.htmlThird Party Advisory
- https://dotcms.com/security/SI-51Vendor Advisory
- https://github.com/dotCMS/core/issues/15882Issue TrackingThird Party Advisory
FAQ
What is CVE-2020-18875?
CVE-2020-18875 is a vulnerability with a CVSS score of 8.8 (HIGH). Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.
How severe is CVE-2020-18875?
CVE-2020-18875 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-18875?
Check the references section above for vendor advisories and patch information. Affected products include: Dotcms Dotcms.