pivotalsoftware spring-framework CVE-2020-5421 vulnerability in Pivotal Software and Other Products
Published on September 19, 2020

RFD Protection Bypass via jsessionid

product logo product logo product logo product logo product logo product logo
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

NVD


Products Associated with CVE-2020-5421

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-5421 are published in these products:

Pivotal Software Spring Framework
 
Apache Ambari
 
Apache Hive
 
Oracle Communications Brm
 
Oracle Communications Session Report Manager
 
Oracle Communications Unified Inventory Management
 
Oracle Endeca Information Discovery Integrator
 
Oracle Enterprise Data Quality
 
Oracle Financial Services Analytical Applications Infrastructure
 
Oracle Flexcube Private Banking
 
Oracle Fusion Middleware
 
Oracle Goldengate Application Adapters
 
Oracle Healthcare Master Person Index
 
Oracle Hyperion Infrastructure Technology
 
Oracle Insurance Policy Administration
 
Oracle Insurance Rules Palette
 
Oracle Mysql Enterprise Monitor
 
Oracle Primavera Gateway
 
Oracle Primavera P6 Enterprise Project Portfolio Management
 
Oracle Retail Assortment Planning
 
Oracle Retail Bulk Data Integration
 
Oracle Retail Customer Engagement
 
Oracle Retail Customer Management Segmentation Foundation
 
Oracle Retail Financial Integration
 
Oracle Retail Integration Bus
 
Oracle Retail Invoice Matching
 
Oracle Retail Merchandising System
 
Oracle Retail Order Broker
 
Oracle Retail Predictive Application Server
 
Oracle Retail Returns Management
 
Oracle Retail Service Backbone
 
Oracle Retail Xstore Point Of Service
 
Oracle Storagetek Tape Analytics Sw Tool
 
Oracle Weblogic Server
 
NetApp Oncommand Insight
 
NetApp Snap Creator Framework
 
NetApp Snapcenter
 
Oracle Communications Design Studio
 
VMware Spring Framework
 
Oracle Commerce Guided Search
 
Oracle Storagetek Acsls
 

Affected Versions

Spring by VMware Spring Framework:

Exploit Probability

EPSS
63.83%
Percentile
98.38%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.