Vulnerabilities > Vmware > Spring Cloud Config > 2.1.1

DATE CVE VULNERABILITY TITLE RISK
2020-06-02 CVE-2020-5410 Path Traversal vulnerability in VMWare Spring Cloud Config
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.
network
low complexity
vmware CWE-22
5.0
5.0
2020-03-05 CVE-2020-5405 Path Traversal vulnerability in VMWare Spring Cloud Config
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.
network
vmware CWE-22
4.3
4.3
2019-05-06 CVE-2019-3799 Path Traversal vulnerability in multiple products
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module.
network
vmware oracle CWE-22
4.3
4.3