CVE-2020-5421
Description
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against reflected file download (RFD) attacks introduced for CVE-2015-5211 may be bypassed, depending on the browser used, by means of a jsessionid path parameter.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
EPSS Score
Exploitation Probability
63.828
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 10.3.6.0.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows |
| Vulnerabilities CVE-2020-5421 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.2.20 | Windows |
| Vulnerabilities CVE-2020-5421 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.19 | Windows |
| Vulnerabilities CVE-2020-5421 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.21 | Windows |
| Vulnerabilities CVE-2020-5421 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.10 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Controller 10.4.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows |
| Vulnerabilities CVE-2020-5421 are fixed in Spring - spring-framework-bom 5.2.9 | Windows |
| Vulnerabilities CVE-2020-5421 are fixed in Spring - spring-framework-bom 5.1.18 | Windows |
| Vulnerabilities CVE-2020-5421 are fixed in Spring - spring-framework-bom 5.0.19 | Windows |
| Vulnerabilities CVE-2020-5421 are fixed in Spring - spring-framework-bom 4.3.29 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Verify Directory Integrator 7.2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.8 | Windows |
| Vulnerabilities CVE-2020-5421 are fixed in Spring - spring-framework-bom for Linux 5.2.9 | Linux |
| Vulnerabilities CVE-2020-5421 are fixed in Spring - spring-framework-bom for Linux 5.1.18 | Linux |
| Vulnerabilities CVE-2020-5421 are fixed in Spring - spring-framework-bom for Linux 5.0.19 | Linux |
| Vulnerabilities CVE-2020-5421 are fixed in Spring - spring-framework-bom for Linux 4.3.29 | Linux |
| CVE-2020-5421 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234