fkie_cve-2020-5397
Vulnerability from fkie_nvd
Published
2020-01-17 19:15
Modified
2024-11-21 05:34
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.
References
security@pivotal.iohttps://pivotal.io/security/cve-2020-5397Exploit, Vendor Advisory
security@pivotal.iohttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpujul2022.html
security@pivotal.iohttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2020-5397Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
oracle application_testing_suite 13.3.0.1
oracle communications_brm_-_elastic_charging_engine 11.3
oracle communications_brm_-_elastic_charging_engine 12.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager 8.1.1
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.2.1
oracle communications_policy_management 12.5.0
oracle communications_session_route_manager 8.1.1
oracle communications_session_route_manager 8.2.0
oracle communications_session_route_manager 8.2.1
oracle enterprise_manager_base_platform 13.2.1.0
oracle financial_services_regulatory_reporting_with_agilereporter 8.0.9.2.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle healthcare_master_person_index 4.0.2
oracle insurance_calculation_engine *
oracle insurance_policy_administration_j2ee 10.2.0
oracle insurance_policy_administration_j2ee 10.2.4
oracle insurance_policy_administration_j2ee 11.0.2
oracle insurance_policy_administration_j2ee 11.1.0
oracle insurance_policy_administration_j2ee 11.2.0
oracle insurance_rules_palette 10.2.0
oracle insurance_rules_palette 10.2.4
oracle insurance_rules_palette 11.0.2
oracle insurance_rules_palette 11.1.0
oracle insurance_rules_palette 11.2.0
oracle mysql_enterprise_monitor *
oracle mysql_enterprise_monitor *
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle retail_assortment_planning 15.0
oracle retail_assortment_planning 16.0
oracle retail_back_office 14.1
oracle retail_central_office 14.1
oracle retail_financial_integration 15.0
oracle retail_financial_integration 16.0
oracle retail_integration_bus 15.0.3
oracle retail_integration_bus 16.0.3
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_point-of-service 14.1
oracle retail_predictive_application_server 14.0.3
oracle retail_predictive_application_server 14.1.3
oracle retail_predictive_application_server 15.0.3.0
oracle retail_predictive_application_server 16.0.3.0
oracle retail_returns_management 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC92F79-CBF6-4627-853B-DB9C61061F38",
              "versionEndExcluding": "5.2.3",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "512E0604-4D40-49CE-8142-89379A226913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5726AE4-4F63-4793-8948-0546DAA2D50D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66916DEB-ACE1-44E0-9535-10B3E03347AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C146BA-6F4F-4A6F-8E53-8A4F5B8E15D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CC97EF4-DAB5-4A4C-B5DF-5AD2BF87DDB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4207-DB46-42D6-A8C9-1BE857483B88",
              "versionEndIncluding": "11.3.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "991B23C1-83FA-40B1-AF0A-9A7B10A9EDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56B4193-4DB7-4BD9-85FF-8665601E6D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A94F93C-5828-4D78-9C48-20AC17E72B8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D8FE6-2BB4-4FF6-8B42-2D47F6FBFDFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7116EED-13F0-41A6-93D4-DBBDBD984423",
              "versionEndIncluding": "4.0.12",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73573516-EDA0-4176-A3ED-2F7006C87F8E",
              "versionEndIncluding": "8.0.20",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09C6958-DD7C-4B43-B7F0-4EE65ED5B582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA800332-C6B9-4F05-9FB0-72C1040AAFD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "118E48CE-8603-442B-B9C9-E30A41E4D974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack."
    },
    {
      "lang": "es",
      "value": "Spring Framework, versiones 5.2.x anteriores a 5.2.3 son vulnerables a los ataques de tipo CSRF por medio de peticiones de verificaci\u00f3n previa CORS que van dirigidas a los endpoints Spring MVC (m\u00f3dulo spring-webmvc) o Spring WebFlux (m\u00f3dulo spring-webflux). Solo los endpoints no autenticados son vulnerables porque las peticiones de verificaci\u00f3n previa no deben incluir credenciales y, por lo tanto, las peticiones deben de presentar un fallo en la autenticaci\u00f3n. Sin embargo, una excepci\u00f3n notable para esto son los navegadores basados en Chrome cuando se usan certificados de cliente para la autenticaci\u00f3n, ya que Chrome env\u00eda certificados de cliente TLS en peticiones de verificaci\u00f3n previa CORS en violaci\u00f3n de los requerimientos de las especificaciones. Ning\u00fan cuerpo de HTTP puede ser enviado o recibido como un resultado de este ataque."
    }
  ],
  "id": "CVE-2020-5397",
  "lastModified": "2024-11-21T05:34:03.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security@pivotal.io",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-17T19:15:14.727",
  "references": [
    {
      "source": "security@pivotal.io",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2020-5397"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2020-5397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@pivotal.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "security@pivotal.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.