8.7
CVE-2020-5421
- EPSS 63.83%
- Published 19.09.2020 04:15:11
- Last modified 21.11.2024 05:34:08
- Source security@pivotal.io
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Spring Framework Version < 4.3.29
VMware ≫ Spring Framework Version >= 5.0.0 < 5.0.19
VMware ≫ Spring Framework Version >= 5.1.0 < 5.1.18
VMware ≫ Spring Framework Version >= 5.2.0 < 5.2.9
Oracle ≫ Commerce Guided Search Version 11.3.2
Oracle ≫ Communications Brm Version 11.3.0.9
Oracle ≫ Communications Brm Version 12.0.0.3
Oracle ≫ Communications Design Studio Version 7.3.4
Oracle ≫ Communications Design Studio Version 7.3.5
Oracle ≫ Communications Design Studio Version 7.4.0
Oracle ≫ Communications Session Report Manager Version >= 8.2.1 <= 8.2.2.1
Oracle ≫ Communications Unified Inventory Management Version 7.3.4
Oracle ≫ Communications Unified Inventory Management Version 7.3.5
Oracle ≫ Endeca Information Discovery Integrator Version 3.2.0
Oracle ≫ Enterprise Data Quality Version 12.2.1.3.0
Oracle ≫ Enterprise Data Quality Version 12.2.1.4.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.6 <= 8.1.0
Oracle ≫ Flexcube Private Banking Version 12.0.0
Oracle ≫ Flexcube Private Banking Version 12.1.0
Oracle ≫ Fusion Middleware Version 12.2.1.3.0
Oracle ≫ Fusion Middleware Version 12.2.1.4.0
Oracle ≫ Goldengate Application Adapters Version 19.1.0.0.0
Oracle ≫ Healthcare Master Person Index Version 4.0.2.5
Oracle ≫ Hyperion Infrastructure Technology Version 11.1.2.4
Oracle ≫ Insurance Policy Administration Version >= 11.1.0 <= 11.3.0
Oracle ≫ Insurance Policy Administration Version 10.2
Oracle ≫ Insurance Policy Administration Version 10.2.4
Oracle ≫ Insurance Policy Administration Version 11.0.2
Oracle ≫ Insurance Rules Palette Version >= 11.1.0 <= 11.3.0
Oracle ≫ Insurance Rules Palette Version 10.2.0
Oracle ≫ Insurance Rules Palette Version 10.2.4
Oracle ≫ Insurance Rules Palette Version 11.0.2
Oracle ≫ Mysql Enterprise Monitor Version <= 8.0.22
Oracle ≫ Mysql Enterprise Monitor Version 8.0.23
Oracle ≫ Primavera Gateway Version >= 16.2.0 <= 16.2.11
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.9
Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.10
Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.10
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 16.1.0 <= 16.2.20
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 17.1.0 <= 17.12.19
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 18.1.0 <= 18.8.21
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 19.12.0 <= 19.12.10
Oracle ≫ Retail Assortment Planning Version 16.0.3.0
Oracle ≫ Retail Bulk Data Integration Version 16.0.3.0
Oracle ≫ Retail Customer Engagement Version >= 16.0 <= 19.0
Oracle ≫ Retail Customer Management And Segmentation Foundation Version >= 16.0 <= 19.0
Oracle ≫ Retail Financial Integration Version 14.1.3
Oracle ≫ Retail Financial Integration Version 15.0.3
Oracle ≫ Retail Financial Integration Version 16.0.3
Oracle ≫ Retail Integration Bus Version 14.1.3
Oracle ≫ Retail Integration Bus Version 15.0.3
Oracle ≫ Retail Integration Bus Version 16.0.3
Oracle ≫ Retail Invoice Matching Version 14.0
Oracle ≫ Retail Invoice Matching Version 14.1
Oracle ≫ Retail Merchandising System Version 16.0.3
Oracle ≫ Retail Order Broker Version 15.0
Oracle ≫ Retail Order Broker Version 16.0
Oracle ≫ Retail Predictive Application Server Version 14.1
Oracle ≫ Retail Returns Management Version 14.1
Oracle ≫ Retail Service Backbone Version 14.1.3
Oracle ≫ Retail Service Backbone Version 15.0.3
Oracle ≫ Retail Service Backbone Version 16.0.3
Oracle ≫ Retail Xstore Point Of Service Version 15.0.4
Oracle ≫ Retail Xstore Point Of Service Version 16.0.6
Oracle ≫ Retail Xstore Point Of Service Version 17.0.4
Oracle ≫ Retail Xstore Point Of Service Version 18.0.3
Oracle ≫ Retail Xstore Point Of Service Version 19.0.2
Oracle ≫ Storagetek Acsls Version 8.5.1
Oracle ≫ Storagetek Tape Analytics Sw Tool Version 2.3
Oracle ≫ Weblogic Server Version 10.3.6.0.0
Oracle ≫ Weblogic Server Version 12.1.3.0.0
Oracle ≫ Weblogic Server Version 12.2.1.3.0
Oracle ≫ Weblogic Server Version 12.2.1.4.0
Oracle ≫ Weblogic Server Version 14.1.1.0.0
Netapp ≫ Oncommand Insight Version -
Netapp ≫ Snap Creator Framework Version -
Netapp ≫ Snapcenter Version -
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 63.83% | 0.984 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 1.3 | 4.7 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N |
nvd@nist.gov | 3.6 | 3.9 | 4.9 | AV:N/AC:H/Au:S/C:P/I:P/A:N |
security@pivotal.io | 8.7 | 2.3 | 5.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |