Vulnerabilities > Vmware > Spring Integration > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-07-31 CVE-2020-5413 Deserialization of Untrusted Data vulnerability in multiple products
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization.
network
low complexity
vmware oracle CWE-502
critical
9.8
2019-01-18 CVE-2019-3772 XXE vulnerability in multiple products
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
network
low complexity
vmware oracle CWE-611
critical
9.8