Sign-up

ID

VAR-202001-1869


CVE

CVE-2020-5397


TITLE

Spring Framework Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2020-001404

DESCRIPTION

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. Spring Framework Contains a cross-site request forgery vulnerability.Information may be altered. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

Trust: 1.71

sources: NVD: CVE-2020-5397 // JVNDB: JVNDB-2020-001404 // VULHUB: VHN-183522

AFFECTED PRODUCTS

vendor:oraclemodel:mysql enterprise monitorscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.1.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:10.2.4

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.2.0

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:11.1.0

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:mysql enterprise monitorscope:gteversion:4.0.0

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:10.2.4

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:10.2.0

Trust: 1.0

vendor:vmwaremodel:spring frameworkscope:ltversion:5.2.3

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:16.0.3

Trust: 1.0

vendor:oraclemodel:healthcare master person indexscope:eqversion:4.0.2

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:oraclemodel:rapid planningscope:eqversion:12.2

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:15.0.3.0

Trust: 1.0

vendor:oraclemodel:retail back officescope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:retail order brokerscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:financial services regulatory reporting with agilereporterscope:eqversion:8.0.9.2.0

Trust: 1.0

vendor:oraclemodel:insurance calculation enginescope:gteversion:11.0.0

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:10.2.0

Trust: 1.0

vendor:oraclemodel:retail assortment planningscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:retail service backbonescope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:communications policy managementscope:eqversion:12.5.0

Trust: 1.0

vendor:oraclemodel:mysql enterprise monitorscope:lteversion:4.0.12

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:retail returns managementscope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.1.3

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:11.0.2

Trust: 1.0

vendor:oraclemodel:retail assortment planningscope:eqversion:16.0

Trust: 1.0

vendor:oraclemodel:retail integration busscope:eqversion:15.0.3

Trust: 1.0

vendor:oraclemodel:rapid planningscope:eqversion:12.1

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:11.2.0

Trust: 1.0

vendor:oraclemodel:communications brm - elastic charging enginescope:eqversion:11.3

Trust: 1.0

vendor:oraclemodel:retail point-of-servicescope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.2.1

Trust: 1.0

vendor:oraclemodel:mysql enterprise monitorscope:lteversion:8.0.20

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.2.2

Trust: 1.0

vendor:oraclemodel:communications brm - elastic charging enginescope:eqversion:12.0

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:11.0.2

Trust: 1.0

vendor:vmwaremodel:spring frameworkscope:gteversion:5.2.0

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:14.0.3

Trust: 1.0

vendor:oraclemodel:insurance policy administration j2eescope:eqversion:11.2.0

Trust: 1.0

vendor:oraclemodel:insurance calculation enginescope:lteversion:11.3.1

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.0.0

Trust: 1.0

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.2.1

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.2.1.0

Trust: 1.0

vendor:oraclemodel:retail predictive application serverscope:eqversion:16.0.3.0

Trust: 1.0

vendor:oraclemodel:retail central officescope:eqversion:14.1

Trust: 1.0

vendor:oraclemodel:application testing suitescope:eqversion:13.3.0.1

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.2.0

Trust: 1.0

vendor:oraclemodel:retail financial integrationscope:eqversion:15.0

Trust: 1.0

vendor:oraclemodel:insurance rules palettescope:eqversion:11.1.0

Trust: 1.0

vendor:pivotalmodel:spring frameworkscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-001404 // NVD: CVE-2020-5397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5397
value: MEDIUM

Trust: 1.0

security@pivotal.io: CVE-2020-5397
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-5397
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-841
value: MEDIUM

Trust: 0.6

VULHUB: VHN-183522
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-5397
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-183522
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

security@pivotal.io: CVE-2020-5397
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-5397
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-183522 // JVNDB: JVNDB-2020-001404 // CNNVD: CNNVD-202001-841 // NVD: CVE-2020-5397 // NVD: CVE-2020-5397

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-183522 // JVNDB: JVNDB-2020-001404 // NVD: CVE-2020-5397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-841

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202001-841

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-001404

PATCH
title:CVE-2020-5397: CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFluxurl:https://pivotal.io/security/cve-2020-5397
Trust: 0.8
title:Pivotal Software Spring Framework Fixes for cross-site request forgery vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107142
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-001404 // 
            
            
            
            CNNVD: CNNVD-202001-841

EXTERNAL IDS
db:NVDid:CVE-2020-5397
Trust: 2.5
db:JVNDBid:JVNDB-2020-001404
Trust: 0.8
db:CNNVDid:CNNVD-202001-841
Trust: 0.7
db:NSFOCUSid:48040
Trust: 0.6
db:VULHUBid:VHN-183522
Trust: 0.1
sources:
            
            
            VULHUB: VHN-183522 // 
            
            
            
            JVNDB: JVNDB-2020-001404 // 
            
            
            
            CNNVD: CNNVD-202001-841 // 
            
            
            
            NVD: CVE-2020-5397

REFERENCES
url:https://pivotal.io/security/cve-2020-5397
Trust: 1.7
url:https://www.oracle.com//security-alerts/cpujul2021.html
Trust: 1.7
url:https://www.oracle.com/security-alerts/cpuapr2020.html
Trust: 1.7
url:https://www.oracle.com/security-alerts/cpujul2020.html
Trust: 1.7
url:https://www.oracle.com/security-alerts/cpujul2022.html
Trust: 1.7
url:https://www.oracle.com/security-alerts/cpuoct2020.html
Trust: 1.7
url:https://www.oracle.com/security-alerts/cpuoct2021.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-5397
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5397
Trust: 0.8
url:http://www.nsfocus.net/vulndb/48040
Trust: 0.6
url:https://vigilance.fr/vulnerability/spring-framework-cross-site-request-forgery-via-cors-preflight-requests-31363
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-183522 // 
            
            
            
            JVNDB: JVNDB-2020-001404 // 
            
            
            
            CNNVD: CNNVD-202001-841 // 
            
            
            
            NVD: CVE-2020-5397

CREDITS
Eric Zimanyi from Google
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202001-841

SOURCES
db:VULHUBid:VHN-183522
db:JVNDBid:JVNDB-2020-001404
db:CNNVDid:CNNVD-202001-841
db:NVDid:CVE-2020-5397

LAST UPDATE DATE
2024-08-14T15:07:21.856000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-183522date:2022-07-25T00:00:00
db:JVNDBid:JVNDB-2020-001404date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-841date:2022-07-26T00:00:00
db:NVDid:CVE-2020-5397date:2022-07-25T18:15:30.737

SOURCES RELEASE DATE
db:VULHUBid:VHN-183522date:2020-01-17T00:00:00
db:JVNDBid:JVNDB-2020-001404date:2020-02-06T00:00:00
db:CNNVDid:CNNVD-202001-841date:2020-01-16T00:00:00
db:NVDid:CVE-2020-5397date:2020-01-17T19:15:14.727