CVE-2020-5421

CVE Database · CVE-2020-5421

CVE-2020-5421

· MEDIUMModified

CVSS v3.1

6.5

EPSS

10.74%

Published

Sep 19, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

Affected Products (77)

vmware · spring_framework (up to 4.3.29)vulnerable

vmware · spring_framework (up to 5.0.19)vulnerable

vmware · spring_framework (up to 5.1.18)vulnerable

vmware · spring_framework (up to 5.2.9)vulnerable

oracle · commerce_guided_searchvulnerable

oracle · communications_brmvulnerable

oracle · communications_design_studiovulnerable