CVSSv3 6.5

CVE-2020-5421

Published: 19/09/2020 Updated: 07/11/2023
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4.7 | Exploitability Score: 1.3
VMScore: 321
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N

Vulnerability Summary

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Vulnerable Products

vmware spring framework

oracle flexcube private banking 12.1.0

oracle flexcube private banking 12.0.0

oracle weblogic server 12.1.3.0.0

oracle insurance rules palette 10.2.0

oracle weblogic server 10.3.6.0.0

oracle weblogic server 12.2.1.3.0

oracle endeca information discovery integrator 3.2.0

oracle retail predictive application server 14.1

oracle retail order broker 15.0

oracle retail order broker 16.0

oracle retail integration bus 14.1.3

oracle retail returns management 14.1

oracle insurance policy administration 10.2

oracle enterprise data quality 12.2.1.3.0

oracle communications unified inventory management 7.3.4

oracle communications unified inventory management 7.3.5

oracle retail invoice matching 14.0

oracle retail invoice matching 14.1

oracle fusion middleware 12.2.1.3.0

oracle weblogic server 12.2.1.4.0

oracle fusion middleware 12.2.1.4.0

oracle financial services analytical applications infrastructure

oracle weblogic server 14.1.1.0.0

oracle hyperion infrastructure technology 11.1.2.4

oracle retail bulk data integration 16.0.3.0

oracle retail assortment planning 16.0.3.0

oracle retail merchandising system 16.0.3

oracle goldengate application adapters 19.1.0.0.0

oracle primavera gateway

oracle retail service backbone 15.0.3

oracle retail service backbone 16.0.3

oracle retail financial integration 15.0.3

oracle retail financial integration 16.0.3

oracle retail financial integration 14.1.3

oracle retail service backbone 14.1.3

oracle retail integration bus 15.0.3

oracle retail integration bus 16.0.3

oracle insurance rules palette 10.2.4

oracle insurance rules palette 11.0.2

oracle commerce guided search 11.3.2

oracle retail xstore point of service 16.0.6

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle insurance rules palette

oracle insurance policy administration

oracle insurance policy administration 11.0.2

oracle retail xstore point of service 15.0.4

oracle mysql enterprise monitor

oracle mysql enterprise monitor 8.0.23

oracle insurance policy administration 10.2.4

oracle healthcare master person index 4.0.2.5

oracle primavera p6 enterprise project portfolio management

oracle communications session report manager

oracle communications brm 12.0.0.3

oracle communications brm 11.3.0.9

oracle storagetek tape analytics sw tool 2.3

oracle retail customer engagement

oracle retail customer management and segmentation foundation

oracle enterprise data quality 12.2.1.4.0

oracle communications design studio 7.3.4

oracle communications design studio 7.3.5

oracle communications design studio 7.4.0

oracle storagetek acsls 8.5.1

netapp snap creator framework

netapp snapcenter

netapp oncommand insight

Vendor Advisories

Debian Bug report logs - #973381 CVE-2020-5421. Package: src:libspring-java; Maintainer for src:libspring-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Thu, 29 Oct 2020 18:45:04 UTC; Severity: important; Tags: security, upstream; Fo ...

Github Repositories

End-of-training project: CRM-type application

ProjetDevJava. End-of-training project: a CRM-type application for managing customers, quotes, invoices and articles. Under development: a web application with a TOMCAT9 server, MYSQL, SPRING, JSP, BOOTSTRAP and a REST API; an Angular application with BOOTSTRAP that connects to the REST API; general documentation written.

Reproducing the Spring security vulnerability CVE-2020-5421

Reproducing the Spring security vulnerability CVE-2020-5421. Vulnerability overview: CVE-2020-5421 allows the protection against RFD attacks to be bypassed via the jsessionid path parameter. The earlier RFD protection had been added in response to CVE-2015-5211. What is RFD: Reflected File Download (RFD) is an attack technique in which, by virtually downloading a file from a trusted domain, an attacker can gain full access to the victim's computer.

References

CWE: NVD-CWE-noinfo

https://tanzu.vmware.com/security/cve-2020-5421
https://www.oracle.com/security-alerts/cpujan2021.html
https://security.netapp.com/advisory/ntap-20210513-0009/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e%40%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E
https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E
https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E
https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074%40%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865%40%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc%40%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb%40%3Cuser.ignite.apache.org%3E
https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d%40%3Cuser.ignite.apache.org%3E
https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665%40%3Cissues.hive.apache.org%3E
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381
https://nvd.nist.gov
https://github.com/delaval-htps/ProjetDevJava