ID

VAR-202001-1869


CVE

CVE-2020-5397


TITLE

Spring Framework Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2020-001404

DESCRIPTION

Spring Framework versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. A preflight is an OPTIONS request carrying Origin and Access-Control-Request-Method headers that the browser issues on its own, without user interaction, before a cross-origin request that is not "simple"; in the affected versions such a preflight could cause the mapped endpoint to execute. Only non-authenticated endpoints are vulnerable, because preflight requests should not include credentials and so should fail authentication. A notable exception is Chrome-based browsers when client certificates are used for authentication, since Chrome sends TLS client certificates in CORS preflight requests in violation of the specification. No HTTP body can be sent or received as a result of this attack. Spring Framework contains a cross-site request forgery vulnerability; information may be altered. Pivotal Software Spring Framework is a set of open source Java and Java EE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The vulnerability stems from the web application not adequately verifying that a request originates from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client (the victim's browser).

Trust: 1.71

sources: NVD: CVE-2020-5397 // JVNDB: JVNDB-2020-001404 // VULHUB: VHN-183522
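The following Python module is an added example, not part of this record and not Spring's own code. It shows the three things a practitioner usually wants to see for this CVE: what a browser-generated preflight actually contains (no cookies, no body), how to classify a probed server's answer (a patched Spring rejects an unconfigured preflight with 403 "Invalid CORS request" or answers it from CORS processing; a 2xx without Access-Control-Allow-Origin suggests the mapped handler ran), and a detection pass over access-log lines. The classification is a heuristic of the editor's, the log format assumes a Tomcat AccessLogValve pattern that records the Origin and Access-Control-Request-Method request headers, and the sample log lines are constructed.

```python
"""Preflight mechanics behind CVE-2020-5397: what a browser sends, how a
patched Spring answers, and how to spot the pattern in access logs."""
import re
from typing import Dict, List, Mapping

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _lower(headers: Mapping[str, str]) -> Dict[str, str]:
    return {k.lower(): v for k, v in headers.items()}


def is_preflight(method: str, headers: Mapping[str, str]) -> bool:
    """A CORS preflight is an OPTIONS request with both Origin and
    Access-Control-Request-Method (the same test Spring's CorsUtils uses)."""
    h = _lower(headers)
    return (method.upper() == "OPTIONS"
            and bool(h.get("origin"))
            and bool(h.get("access-control-request-method")))


def build_preflight(host: str, path: str, target_method: str, origin: str,
                    request_headers=("content-type",)) -> str:
    """Raw HTTP/1.1 preflight as a browser emits it for a non-simple request.
    Note what is absent: no Cookie, no Authorization, no body. That is why
    only unauthenticated endpoints are reachable this way (Chrome's TLS
    client-certificate behaviour is the documented exception)."""
    lines = [
        f"OPTIONS {path} HTTP/1.1",
        f"Host: {host}",
        f"Origin: {origin}",
        f"Access-Control-Request-Method: {target_method.upper()}",
        f"Access-Control-Request-Headers: {', '.join(request_headers)}",
        "Content-Length: 0",
    ]
    return "\r\n".join(lines) + "\r\n\r\n"


def classify_preflight_response(status: int, headers: Mapping[str, str]) -> str:
    """Heuristic verdict for a probe (editor's classification, not Spring's):
    403 means the CORS processor refused the origin; a 2xx with
    Access-Control-Allow-Origin means CORS processing answered without
    involving the handler; a 2xx without it suggests the mapped handler ran,
    which is the CVE-2020-5397 symptom."""
    h = _lower(headers)
    if status == 403:
        return "rejected"
    if 200 <= status < 300 and "access-control-allow-origin" in h:
        return "cors-handled"
    if 200 <= status < 300:
        return "handler-executed?"
    return "other"


# Assumed Tomcat AccessLogValve pattern for the sample lines:
#   %h %l %u %t "%r" %s %b "%{Origin}i" "%{Access-Control-Request-Method}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<origin>[^"]*)" "(?P<acrm>[^"]*)"$')


def _hdr(value: str) -> str:
    # Tomcat logs "-" for an absent header.
    return "" if value == "-" else value


def find_suspicious_preflights(lines: List[str], allowed_origins) -> List[dict]:
    """Flag preflights from non-allowlisted origins that request a
    state-changing method and received a 2xx: the signature of the attack
    succeeding against a 5.2.0-5.2.2 deployment."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hdrs = {"Origin": _hdr(m["origin"]),
                "Access-Control-Request-Method": _hdr(m["acrm"])}
        if not is_preflight(m["method"], hdrs):
            continue
        status = int(m["status"])
        if (hdrs["Origin"] not in allowed_origins
                and hdrs["Access-Control-Request-Method"].upper() in STATE_CHANGING
                and 200 <= status < 300):
            hits.append({"ip": m["ip"], "path": m["path"],
                         "origin": hdrs["Origin"],
                         "method": hdrs["Access-Control-Request-Method"],
                         "status": status})
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Jan/2020:10:00:01 +0000] "OPTIONS /api/accounts/close HTTP/1.1" 200 0 "https://evil.example" "POST"',
    '203.0.113.5 - - [17/Jan/2020:10:00:02 +0000] "OPTIONS /api/accounts/close HTTP/1.1" 403 20 "https://evil.example" "POST"',
    '198.51.100.7 - - [17/Jan/2020:10:00:03 +0000] "GET /api/accounts HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [17/Jan/2020:10:00:04 +0000] "OPTIONS /api/accounts HTTP/1.1" 200 0 "https://app.example" "GET"',
]

if __name__ == "__main__":
    print(build_preflight("api.example", "/api/accounts/close", "post", "https://evil.example"))
    for hit in find_suspicious_preflights(SAMPLE_LOG, {"https://app.example"}):
        print("suspicious preflight:", hit)
```

Only the first sample line is flagged: the second is the 403 a patched deployment returns, the third is not a preflight at all, and the fourth comes from an allowlisted origin and requests a GET. When probing a live system, send the output of `build_preflight` to an unauthenticated state-changing endpoint and look for the side effect itself (a log entry, a changed record), since the attacker's browser never sees a body and the status code alone is only a hint.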

AFFECTED PRODUCTS

vendor: oracle  model: mysql enterprise monitor  scope: gte  version: 8.0.0  Trust: 1.0
vendor: oracle  model: flexcube private banking  scope: eq  version: 12.1.0  Trust: 1.0
vendor: oracle  model: insurance rules palette  scope: eq  version: 10.2.4  Trust: 1.0
vendor: oracle  model: communications element manager  scope: eq  version: 8.2.0  Trust: 1.0
vendor: oracle  model: insurance policy administration j2ee  scope: eq  version: 11.1.0  Trust: 1.0
vendor: oracle  model: retail financial integration  scope: eq  version: 16.0  Trust: 1.0
vendor: oracle  model: mysql enterprise monitor  scope: gte  version: 4.0.0  Trust: 1.0
vendor: oracle  model: retail order broker  scope: eq  version: 15.0  Trust: 1.0
vendor: oracle  model: retail service backbone  scope: eq  version: 15.0  Trust: 1.0
vendor: oracle  model: insurance policy administration j2ee  scope: eq  version: 10.2.4  Trust: 1.0
vendor: oracle  model: insurance rules palette  scope: eq  version: 10.2.0  Trust: 1.0
vendor: vmware  model: spring framework  scope: lt  version: 5.2.3  Trust: 1.0
vendor: oracle  model: retail integration bus  scope: eq  version: 16.0.3  Trust: 1.0
vendor: oracle  model: healthcare master person index  scope: eq  version: 4.0.2  Trust: 1.0
vendor: oracle  model: weblogic server  scope: eq  version: 12.2.1.3.0  Trust: 1.0
vendor: oracle  model: rapid planning  scope: eq  version: 12.2  Trust: 1.0
vendor: oracle  model: retail predictive application server  scope: eq  version: 15.0.3.0  Trust: 1.0
vendor: oracle  model: retail back office  scope: eq  version: 14.1  Trust: 1.0
vendor: oracle  model: retail order broker  scope: eq  version: 16.0  Trust: 1.0
vendor: oracle  model: communications diameter signaling router  scope: gte  version: 8.0.0  Trust: 1.0
vendor: oracle  model: communications session route manager  scope: eq  version: 8.1.1  Trust: 1.0
vendor: oracle  model: financial services regulatory reporting with agilereporter  scope: eq  version: 8.0.9.2.0  Trust: 1.0
vendor: oracle  model: insurance calculation engine  scope: gte  version: 11.0.0  Trust: 1.0
vendor: oracle  model: insurance policy administration j2ee  scope: eq  version: 10.2.0  Trust: 1.0
vendor: oracle  model: retail assortment planning  scope: eq  version: 15.0  Trust: 1.0
vendor: oracle  model: retail service backbone  scope: eq  version: 16.0  Trust: 1.0
vendor: oracle  model: communications policy management  scope: eq  version: 12.5.0  Trust: 1.0
vendor: oracle  model: mysql enterprise monitor  scope: lte  version: 4.0.12  Trust: 1.0
vendor: oracle  model: communications element manager  scope: eq  version: 8.1.1  Trust: 1.0
vendor: oracle  model: retail returns management  scope: eq  version: 14.1  Trust: 1.0
vendor: oracle  model: retail predictive application server  scope: eq  version: 14.1.3  Trust: 1.0
vendor: oracle  model: insurance rules palette  scope: eq  version: 11.0.2  Trust: 1.0
vendor: oracle  model: retail assortment planning  scope: eq  version: 16.0  Trust: 1.0
vendor: oracle  model: retail integration bus  scope: eq  version: 15.0.3  Trust: 1.0
vendor: oracle  model: rapid planning  scope: eq  version: 12.1  Trust: 1.0
vendor: oracle  model: insurance rules palette  scope: eq  version: 11.2.0  Trust: 1.0
vendor: oracle  model: communications brm - elastic charging engine  scope: eq  version: 11.3  Trust: 1.0
vendor: oracle  model: retail point-of-service  scope: eq  version: 14.1  Trust: 1.0
vendor: oracle  model: communications session route manager  scope: eq  version: 8.2.1  Trust: 1.0
vendor: oracle  model: mysql enterprise monitor  scope: lte  version: 8.0.20  Trust: 1.0
vendor: oracle  model: communications diameter signaling router  scope: lte  version: 8.2.2  Trust: 1.0
vendor: oracle  model: communications brm - elastic charging engine  scope: eq  version: 12.0  Trust: 1.0
vendor: oracle  model: insurance policy administration j2ee  scope: eq  version: 11.0.2  Trust: 1.0
vendor: vmware  model: spring framework  scope: gte  version: 5.2.0  Trust: 1.0
vendor: oracle  model: retail predictive application server  scope: eq  version: 14.0.3  Trust: 1.0
vendor: oracle  model: insurance policy administration j2ee  scope: eq  version: 11.2.0  Trust: 1.0
vendor: oracle  model: insurance calculation engine  scope: lte  version: 11.3.1  Trust: 1.0
vendor: oracle  model: flexcube private banking  scope: eq  version: 12.0.0  Trust: 1.0
vendor: oracle  model: weblogic server  scope: eq  version: 12.2.1.4.0  Trust: 1.0
vendor: oracle  model: communications element manager  scope: eq  version: 8.2.1  Trust: 1.0
vendor: oracle  model: enterprise manager base platform  scope: eq  version: 13.2.1.0  Trust: 1.0
vendor: oracle  model: retail predictive application server  scope: eq  version: 16.0.3.0  Trust: 1.0
vendor: oracle  model: retail central office  scope: eq  version: 14.1  Trust: 1.0
vendor: oracle  model: application testing suite  scope: eq  version: 13.3.0.1  Trust: 1.0
vendor: oracle  model: communications session route manager  scope: eq  version: 8.2.0  Trust: 1.0
vendor: oracle  model: retail financial integration  scope: eq  version: 15.0  Trust: 1.0
vendor: oracle  model: insurance rules palette  scope: eq  version: 11.1.0  Trust: 1.0
vendor: pivotal  model: spring framework  scope: -  version: -  Trust: 0.8

sources: JVNDB: JVNDB-2020-001404 // NVD: CVE-2020-5397

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-5397
value: MEDIUM

Trust: 1.0

security@pivotal.io: CVE-2020-5397
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-5397
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-841
value: MEDIUM

Trust: 0.6

VULHUB: VHN-183522
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-5397
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-183522
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

security@pivotal.io: CVE-2020-5397
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-5397
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-183522 // JVNDB: JVNDB-2020-001404 // CNNVD: CNNVD-202001-841 // NVD: CVE-2020-5397 // NVD: CVE-2020-5397

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-183522 // JVNDB: JVNDB-2020-001404 // NVD: CVE-2020-5397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-841

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202001-841

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001404

PATCH

title: CVE-2020-5397: CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
url: https://pivotal.io/security/cve-2020-5397

Trust: 0.8

title: Pivotal Software Spring Framework Fixes for cross-site request forgery vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107142

Trust: 0.6

sources: JVNDB: JVNDB-2020-001404 // CNNVD: CNNVD-202001-841

EXTERNAL IDS

db: NVD  id: CVE-2020-5397

Trust: 2.5

db: JVNDB  id: JVNDB-2020-001404

Trust: 0.8

db: CNNVD  id: CNNVD-202001-841

Trust: 0.7

db: NSFOCUS  id: 48040

Trust: 0.6

db: VULHUB  id: VHN-183522

Trust: 0.1

sources: VULHUB: VHN-183522 // JVNDB: JVNDB-2020-001404 // CNNVD: CNNVD-202001-841 // NVD: CVE-2020-5397

REFERENCES

url:https://pivotal.io/security/cve-2020-5397

Trust: 1.7

url:https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-5397

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5397

Trust: 0.8

url:http://www.nsfocus.net/vulndb/48040

Trust: 0.6

url:https://vigilance.fr/vulnerability/spring-framework-cross-site-request-forgery-via-cors-preflight-requests-31363

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/

Trust: 0.6

sources: VULHUB: VHN-183522 // JVNDB: JVNDB-2020-001404 // CNNVD: CNNVD-202001-841 // NVD: CVE-2020-5397

CREDITS

Eric Zimanyi from Google

Trust: 0.6

sources: CNNVD: CNNVD-202001-841

SOURCES

db: VULHUB  id: VHN-183522
db: JVNDB  id: JVNDB-2020-001404
db: CNNVD  id: CNNVD-202001-841
db: NVD  id: CVE-2020-5397

LAST UPDATE DATE

2024-08-14T15:07:21.856000+00:00


SOURCES UPDATE DATE

db: VULHUB  id: VHN-183522  date: 2022-07-25T00:00:00
db: JVNDB  id: JVNDB-2020-001404  date: 2020-02-06T00:00:00
db: CNNVD  id: CNNVD-202001-841  date: 2022-07-26T00:00:00
db: NVD  id: CVE-2020-5397  date: 2022-07-25T18:15:30.737

SOURCES RELEASE DATE

db: VULHUB  id: VHN-183522  date: 2020-01-17T00:00:00
db: JVNDB  id: JVNDB-2020-001404  date: 2020-02-06T00:00:00
db: CNNVD  id: CNNVD-202001-841  date: 2020-01-16T00:00:00
db: NVD  id: CVE-2020-5397  date: 2020-01-17T19:15:14.727