Vulnerabilities > CVE-2020-5421

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
HIGH
Availability impact
NONE
network
high complexity
vmware
oracle
netapp

Summary

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Vulnerable Configurations

Part Description Count
Application
Vmware
182
Application
Oracle
245
Application
Netapp
3

References