oracle financial-services-analytical-applications-infrastructure CVE-2019-3773 in Oracle and Pivotal Software Products
Published on January 18, 2019

Spring Web Services XML External Entity Injection (XXE)

product logo product logo
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

NVD

Weakness Type

What is a XXE Vulnerability?

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CVE-2019-3773 has been classified to as a XXE vulnerability or weakness.


Products Associated with CVE-2019-3773

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-3773 are published in these products:

Oracle Financial Services Analytical Applications Infrastructure
 
Pivotal Software Spring Web Services
 
Oracle Flexcube Private Banking
 

Affected Versions

Spring Web Services:

Exploit Probability

EPSS
0.33%
Percentile
55.78%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.