Описание
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchThird Party Advisory
- Third Party Advisory
- MitigationVendor Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchThird Party Advisory
- Third Party Advisory
- MitigationVendor Advisory
- Third Party Advisory
- US Government Resource
- Third Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.2.20 (исключая)Версия от 5.3.0 (включая) до 5.3.18 (исключая)Версия от 9 (включая)
Одновременно
Одно из
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
Конфигурация 2Версия до 2.1.0 (исключая)
cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*
Конфигурация 3Версия до 8.0.29 (исключая)Версия до 2.0.4 (исключая)
Одно из
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*
cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*
Конфигурация 4
Одно из
cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*
Конфигурация 5
Одно из
cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*
cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*
cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*
cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*
Конфигурация 6Версия до 2.0.4 (исключая)Версия до 1.2.1 (исключая)Версия до 1.0.3 (исключая)
Одно из
cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*
cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*
Конфигурация 7
Одно из
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.9446
Критический
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94
CWE-94
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 3 лет назад
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVSS3: 8.1
redhat
около 3 лет назад
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVSS3: 9.8
debian
около 3 лет назад
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ...
CVSS3: 8.8
fstec
около 3 лет назад
Уязвимость модуля Spring Core программной платформы Spring Framework, позволяющая нарушителю выполнить произвольный код
EPSS
Процентиль: 100%
0.9446
Критический
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-94
CWE-94