CVE-2019-3772
Description
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.046
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-3772 are fixed in Spring - spring-integration-xml 4.3.19 | Windows |
| Vulnerabilities CVE-2019-3772 are fixed in Spring - spring-integration-xml 5.0.11 | Windows |
| Vulnerabilities CVE-2019-3772 are fixed in Spring - spring-integration-xml 5.1.2 | Windows |
| Vulnerabilities CVE-2019-3772 are fixed in Spring-integration-ws 4.3.19 | Windows |
| Vulnerabilities CVE-2019-3772 are fixed in Spring-integration-ws 5.0.11 | Windows |
| Vulnerabilities CVE-2019-3772 are fixed in Spring-integration-ws 5.1.2 | Windows |
| Vulnerabilities CVE-2019-3772 are fixed in Spring - spring-integration-xml for Linux 4.3.19 | Linux |
| Vulnerabilities CVE-2019-3772 are fixed in Spring - spring-integration-xml for Linux 5.0.11 | Linux |
| Vulnerabilities CVE-2019-3772 are fixed in Spring - spring-integration-xml for Linux 5.1.2 | Linux |
| Vulnerabilities CVE-2019-3772 are fixed in Spring-integration-ws for Linux 4.3.19 | Linux |
| Vulnerabilities CVE-2019-3772 are fixed in Spring-integration-ws for Linux 5.0.11 | Linux |
| Vulnerabilities CVE-2019-3772 are fixed in Spring-integration-ws for Linux 5.1.2 | Linux |
Patch Details
No records found