ID

VAR-202001-1869


CVE

CVE-2020-5397


TITLE

Spring Framework Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2020-001404

DESCRIPTION

Spring Framework versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable, because preflight requests should not include credentials and therefore such requests should fail authentication. However, a notable exception to this is Chrome-based browsers when using client certificates for authentication, since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. Spring Framework contains a cross-site request forgery vulnerability. Information may be altered. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The vulnerability stems from the web application not adequately verifying that the request comes from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client.

Trust: 1.71

sources: NVD: CVE-2020-5397 // JVNDB: JVNDB-2020-001404 // VULHUB: VHN-183522

AFFECTED PRODUCTS

vendor: oracle, model: retail integration bus, scope: eq, version: 16.0.3

Trust: 1.0

vendor: oracle, model: insurance calculation engine, scope: lte, version: 11.3.1

Trust: 1.0

vendor: oracle, model: mysql enterprise monitor, scope: lte, version: 8.0.20

Trust: 1.0

vendor: oracle, model: communications element manager, scope: eq, version: 8.2.0

Trust: 1.0

vendor: oracle, model: retail financial integration, scope: eq, version: 15.0

Trust: 1.0

vendor: oracle, model: retail integration bus, scope: eq, version: 15.0.3

Trust: 1.0

vendor: oracle, model: insurance policy administration j2ee, scope: eq, version: 10.2.4

Trust: 1.0

vendor: oracle, model: retail returns management, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: flexcube private banking, scope: eq, version: 12.0.0

Trust: 1.0

vendor: oracle, model: communications policy management, scope: eq, version: 12.5.0

Trust: 1.0

vendor: oracle, model: insurance rules palette, scope: eq, version: 11.1.0

Trust: 1.0

vendor: oracle, model: flexcube private banking, scope: eq, version: 12.1.0

Trust: 1.0

vendor: oracle, model: insurance policy administration j2ee, scope: eq, version: 11.0.2

Trust: 1.0

vendor: oracle, model: enterprise manager base platform, scope: eq, version: 13.2.1.0

Trust: 1.0

vendor: oracle, model: mysql enterprise monitor, scope: gte, version: 4.0.0

Trust: 1.0

vendor: oracle, model: rapid planning, scope: eq, version: 12.2

Trust: 1.0

vendor: oracle, model: retail order broker, scope: eq, version: 15.0

Trust: 1.0

vendor: oracle, model: communications brm - elastic charging engine, scope: eq, version: 12.0

Trust: 1.0

vendor: oracle, model: insurance rules palette, scope: eq, version: 10.2.0

Trust: 1.0

vendor: oracle, model: insurance rules palette, scope: eq, version: 11.2.0

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 16.0.3.0

Trust: 1.0

vendor: oracle, model: mysql enterprise monitor, scope: gte, version: 8.0.0

Trust: 1.0

vendor: oracle, model: retail service backbone, scope: eq, version: 15.0

Trust: 1.0

vendor: oracle, model: retail financial integration, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: financial services regulatory reporting with agilereporter, scope: eq, version: 8.0.9.2.0

Trust: 1.0

vendor: vmware, model: spring framework, scope: gte, version: 5.2.0

Trust: 1.0

vendor: oracle, model: communications session route manager, scope: eq, version: 8.1.1

Trust: 1.0

vendor: oracle, model: retail assortment planning, scope: eq, version: 15.0

Trust: 1.0

vendor: oracle, model: retail central office, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: communications session route manager, scope: eq, version: 8.2.1

Trust: 1.0

vendor: oracle, model: insurance rules palette, scope: eq, version: 10.2.4

Trust: 1.0

vendor: oracle, model: insurance calculation engine, scope: gte, version: 11.0.0

Trust: 1.0

vendor: oracle, model: healthcare master person index, scope: eq, version: 4.0.2

Trust: 1.0

vendor: oracle, model: insurance policy administration j2ee, scope: eq, version: 11.1.0

Trust: 1.0

vendor: oracle, model: insurance rules palette, scope: eq, version: 11.0.2

Trust: 1.0

vendor: oracle, model: application testing suite, scope: eq, version: 13.3.0.1

Trust: 1.0

vendor: oracle, model: communications session route manager, scope: eq, version: 8.2.0

Trust: 1.0

vendor: oracle, model: retail order broker, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 14.0.3

Trust: 1.0

vendor: oracle, model: retail back office, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: weblogic server, scope: eq, version: 12.2.1.3.0

Trust: 1.0

vendor: oracle, model: weblogic server, scope: eq, version: 12.2.1.4.0

Trust: 1.0

vendor: oracle, model: insurance policy administration j2ee, scope: eq, version: 10.2.0

Trust: 1.0

vendor: oracle, model: insurance policy administration j2ee, scope: eq, version: 11.2.0

Trust: 1.0

vendor: oracle, model: rapid planning, scope: eq, version: 12.1

Trust: 1.0

vendor: oracle, model: mysql enterprise monitor, scope: lte, version: 4.0.12

Trust: 1.0

vendor: oracle, model: communications diameter signaling router, scope: lte, version: 8.2.2

Trust: 1.0

vendor: oracle, model: retail point-of-service, scope: eq, version: 14.1

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 15.0.3.0

Trust: 1.0

vendor: oracle, model: retail service backbone, scope: eq, version: 16.0

Trust: 1.0

vendor: oracle, model: communications diameter signaling router, scope: gte, version: 8.0.0

Trust: 1.0

vendor: oracle, model: communications element manager, scope: eq, version: 8.1.1

Trust: 1.0

vendor: vmware, model: spring framework, scope: lt, version: 5.2.3

Trust: 1.0

vendor: oracle, model: communications brm - elastic charging engine, scope: eq, version: 11.3

Trust: 1.0

vendor: oracle, model: retail predictive application server, scope: eq, version: 14.1.3

Trust: 1.0

vendor: oracle, model: communications element manager, scope: eq, version: 8.2.1

Trust: 1.0

vendor: oracle, model: retail assortment planning, scope: eq, version: 16.0

Trust: 1.0

vendor: pivotal, model: spring framework, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-001404 // NVD: CVE-2020-5397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-5397
value: MEDIUM

Trust: 1.0

security@pivotal.io: CVE-2020-5397
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-5397
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-841
value: MEDIUM

Trust: 0.6

VULHUB: VHN-183522
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-5397
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-183522
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

security@pivotal.io: CVE-2020-5397
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-5397
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-183522 // JVNDB: JVNDB-2020-001404 // CNNVD: CNNVD-202001-841 // NVD: CVE-2020-5397 // NVD: CVE-2020-5397

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-183522 // JVNDB: JVNDB-2020-001404 // NVD: CVE-2020-5397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-841

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-202001-841

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001404

PATCH

title: CVE-2020-5397: CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux
url: https://pivotal.io/security/cve-2020-5397

Trust: 0.8

title: Pivotal Software Spring Framework Fixes for cross-site request forgery vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=107142

Trust: 0.6

sources: JVNDB: JVNDB-2020-001404 // CNNVD: CNNVD-202001-841

EXTERNAL IDS

db: NVD, id: CVE-2020-5397

Trust: 2.5

db: JVNDB, id: JVNDB-2020-001404

Trust: 0.8

db: CNNVD, id: CNNVD-202001-841

Trust: 0.7

db: NSFOCUS, id: 48040

Trust: 0.6

db: VULHUB, id: VHN-183522

Trust: 0.1

sources: VULHUB: VHN-183522 // JVNDB: JVNDB-2020-001404 // CNNVD: CNNVD-202001-841 // NVD: CVE-2020-5397

REFERENCES

url: https://pivotal.io/security/cve-2020-5397

Trust: 1.7

url: https://www.oracle.com//security-alerts/cpujul2021.html

Trust: 1.7

url: https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.7

url: https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.7

url: https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url: https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.7

url: https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-5397

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5397

Trust: 0.8

url: http://www.nsfocus.net/vulndb/48040

Trust: 0.6

url: https://vigilance.fr/vulnerability/spring-framework-cross-site-request-forgery-via-cors-preflight-requests-31363

Trust: 0.6

url: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/

Trust: 0.6

sources: VULHUB: VHN-183522 // JVNDB: JVNDB-2020-001404 // CNNVD: CNNVD-202001-841 // NVD: CVE-2020-5397

CREDITS

Eric Zimanyi from Google

Trust: 0.6

sources: CNNVD: CNNVD-202001-841

SOURCES

db: VULHUB, id: VHN-183522
db: JVNDB, id: JVNDB-2020-001404
db: CNNVD, id: CNNVD-202001-841
db: NVD, id: CVE-2020-5397

LAST UPDATE DATE

2024-11-23T23:11:34.722000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-183522, date: 2022-07-25T00:00:00
db: JVNDB, id: JVNDB-2020-001404, date: 2020-02-06T00:00:00
db: CNNVD, id: CNNVD-202001-841, date: 2022-07-26T00:00:00
db: NVD, id: CVE-2020-5397, date: 2024-11-21T05:34:03.850

SOURCES RELEASE DATE

db: VULHUB, id: VHN-183522, date: 2020-01-17T00:00:00
db: JVNDB, id: JVNDB-2020-001404, date: 2020-02-06T00:00:00
db: CNNVD, id: CNNVD-202001-841, date: 2020-01-16T00:00:00
db: NVD, id: CVE-2020-5397, date: 2020-01-17T19:15:14.727