CVE-2016-1000027
Description
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if it is used for Java deserialization of untrusted data. Depending on how the library is used within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that deserialization of untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
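The exposure behind this CVE is the plain Java serialization used by the remoting exporters in spring-web (HTTP invoker and related classes, removed in Spring Framework 6.0, which is why the fix line below reads "spring-web 6.0.0"): an endpoint that calls readObject() on a request body lets the sender choose which class gets instantiated. The example below is added here and is not Spring code or a Spring API; it shows the unsafe pattern next to the same read guarded by a JEP 290 allow-list filter, using a hypothetical request type Ping and a constructed stream that names an unexpected class (a stand-in, not a real gadget chain). It needs Java 9 or later and no dependencies.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

/**
 * Added example (not Spring code): Java deserialization with and without a
 * JEP 290 allow-list filter. Ping is a hypothetical request type.
 */
public class DeserializationFilterDemo {

    /** The only type this endpoint legitimately expects on the wire. */
    public static final class Ping implements Serializable {
        private static final long serialVersionUID = 1L;
        final String message;
        Ping(String message) { this.message = message; }
    }

    /** Vulnerable pattern: whatever class the sender names gets instantiated. */
    static Object readUnfiltered(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            return in.readObject();
        }
    }

    /**
     * Allow-list filter for the hardened read. Classes are matched by name;
     * "!*" rejects anything not listed, and the limits cap object-graph depth,
     * reference count and stream size so a hostile stream cannot exhaust
     * memory before the class check fires.
     */
    static final ObjectInputFilter ALLOW_PING = ObjectInputFilter.Config.createFilter(
            "DeserializationFilterDemo$Ping;java.lang.String;!*;"
            + "maxdepth=5;maxrefs=100;maxbytes=65536");

    /** Hardened pattern: the filter runs before any class is resolved. */
    static Object readFiltered(byte[] body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(body))) {
            in.setObjectInputFilter(ALLOW_PING);
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one legitimate request, and one stream that names
        // a class the endpoint never asked for (stand-in for an attacker-chosen
        // gadget class; no real gadget chain is used here).
        byte[] legitimate = serialize(new Ping("hello"));
        List<String> other = new ArrayList<>();
        other.add("not a Ping");
        byte[] unexpected = serialize(other);

        // Unfiltered: both streams deserialize, including the class the
        // endpoint did not expect. This is the exposure the CVE describes.
        System.out.println("unfiltered legitimate -> "
                + readUnfiltered(legitimate).getClass().getName());
        System.out.println("unfiltered unexpected -> "
                + readUnfiltered(unexpected).getClass().getName());

        // Filtered: Ping is accepted, the unexpected class is rejected before
        // any of its code runs.
        System.out.println("filtered legitimate   -> "
                + readFiltered(legitimate).getClass().getName());
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filtered unexpected   -> rejected: " + e.getMessage());
        }
    }
}
```

When the endpoint code cannot be changed, the same allow-list can be applied JVM-wide with the standard `-Djdk.serialFilter=...` system property (or the `jdk.serialFilter` entry in the JDK's security properties), which covers every ObjectInputStream in the process including ones inside third-party libraries. To find out whether a deployment is exposed at all, look for the spring-web remoting exporters on the classpath and in bean definitions (for example HttpInvokerServiceExporter and the other RemoteInvocationSerializingExporter subclasses) and confirm whether their endpoints are reachable by anyone other than trusted callers; an application on 5.3.x that never wires these classes does not deserialize request bodies through them.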
Risk Information
Base Score
9.8
CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
51.325
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2016-1000027 is fixed in spring-web 6.0.0 | Windows |
| Multiple vulnerabilities affect Oracle BI Publisher 7.0.0.0.0 | Windows |
| Multiple vulnerabilities affect Oracle BI Publisher 7.6.0.0.0 | Windows |
| Multiple vulnerabilities affect IBM WebMethods Integration Server 10.15 | Windows |
| Multiple vulnerabilities affect IBM Cognos Controller 10.4.0 | Windows |
| Multiple vulnerabilities affect IBM Cognos Controller 10.4.1 | Windows |
| Multiple vulnerabilities affect IBM Cognos Controller 10.4.2 | Windows |
| Multiple vulnerabilities affect IBM WebMethods Integration Server 10.11 | Windows |
| Multiple vulnerabilities affect IBM WebMethods Integration Server 11.1 | Windows |
| CVE-2016-1000027 is fixed in spring-web 6.0.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000027