Attacker Value
Unknown
CVE-2020-5421
CVE-2020-5421
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
In Spring Framework versions 5.2.0 – 5.2.8, 5.1.0 – 5.1.17, 5.0.0 – 5.0.18, 4.3.0 – 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
6.5 Medium
Impact Score:
4.7
Exploitability Score:
1.3
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
Low
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
High
Availability (A):
None
General Information
Vendors
- netapp,
- oracle,
- vmware
Products
- commerce guided search 11.3.2,
- communications brm 11.3.0.9,
- communications brm 12.0.0.3,
- communications design studio 7.3.4,
- communications design studio 7.3.5,
- communications design studio 7.4.0,
- communications session report manager,
- communications unified inventory management 7.3.4,
- communications unified inventory management 7.3.5,
- endeca information discovery integrator 3.2.0,
- enterprise data quality 12.2.1.3.0,
- enterprise data quality 12.2.1.4.0,
- financial services analytical applications infrastructure,
- flexcube private banking 12.0.0,
- flexcube private banking 12.1.0,
- fusion middleware 12.2.1.3.0,
- fusion middleware 12.2.1.4.0,
- goldengate application adapters 19.1.0.0.0,
- healthcare master person index 4.0.2.5,
- hyperion infrastructure technology 11.1.2.4,
- insurance policy administration,
- insurance policy administration 10.2,
- insurance policy administration 10.2.4,
- insurance policy administration 11.0.2,
- insurance rules palette,
- insurance rules palette 10.2.0,
- insurance rules palette 10.2.4,
- insurance rules palette 11.0.2,
- mysql enterprise monitor,
- mysql enterprise monitor 8.0.23,
- oncommand insight -,
- primavera gateway,
- primavera p6 enterprise project portfolio management,
- retail assortment planning 16.0.3.0,
- retail bulk data integration 16.0.3.0,
- retail customer engagement,
- retail customer management and segmentation foundation,
- retail financial integration 14.1.3,
- retail financial integration 15.0.3,
- retail financial integration 16.0.3,
- retail integration bus 14.1.3,
- retail integration bus 15.0.3,
- retail integration bus 16.0.3,
- retail invoice matching 14.0,
- retail invoice matching 14.1,
- retail merchandising system 16.0.3,
- retail order broker 15.0,
- retail order broker 16.0,
- retail predictive application server 14.1,
- retail returns management 14.1,
- retail service backbone 14.1.3,
- retail service backbone 15.0.3,
- retail service backbone 16.0.3,
- retail xstore point of service 15.0.4,
- retail xstore point of service 16.0.6,
- retail xstore point of service 17.0.4,
- retail xstore point of service 18.0.3,
- retail xstore point of service 19.0.2,
- snap creator framework -,
- snapcenter -,
- spring framework,
- storagetek acsls 8.5.1,
- storagetek tape analytics sw tool 2.3,
- weblogic server 10.3.6.0.0,
- weblogic server 12.1.3.0.0,
- weblogic server 12.2.1.3.0,
- weblogic server 12.2.1.4.0,
- weblogic server 14.1.1.0.0
References
Advisory
Miscellaneous
