Details of VAR-202001-1870

ID

VAR-202001-1870

CVE

CVE-2020-5398

TITLE

Spring Framework Vulnerabilities in the integrity of downloaded code

Trust: 0.8

sources: JVNDB: JVNDB-2020-001405

DESCRIPTION

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. Spring Framework Contains a vulnerability in the integrity verification of downloaded code.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. A cross-site scripting vulnerability exists in Pivotal Software Spring Framework 5.2.x prior to 5.2.3, 5.1.x prior to 5.1.13, and 5.0.x prior to 5.0.16. A remote attacker could exploit this vulnerability to obtain sensitive information by conducting a Reflected File Download (RFD) attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Fuse 7.8.0 release and security update Advisory ID: RHSA-2020:5568-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2020:5568 Issue date: 2020-12-16 CVE Names: CVE-2018-1000873 CVE-2019-0205 CVE-2019-0210 CVE-2019-2692 CVE-2019-3773 CVE-2019-3774 CVE-2019-10202 CVE-2019-10219 CVE-2019-11777 CVE-2019-12406 CVE-2019-12423 CVE-2019-13990 CVE-2019-14900 CVE-2019-17566 CVE-2019-17638 CVE-2019-19343 CVE-2020-1714 CVE-2020-1719 CVE-2020-1950 CVE-2020-1960 CVE-2020-5398 CVE-2020-7226 CVE-2020-9488 CVE-2020-9489 CVE-2020-10683 CVE-2020-10740 CVE-2020-11612 CVE-2020-11971 CVE-2020-11972 CVE-2020-11973 CVE-2020-11980 CVE-2020-11989 CVE-2020-11994 CVE-2020-13692 CVE-2020-13933 CVE-2020-14326 ==================================================================== 1. Summary: A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse 7.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * libquartz: XXE attacks via job description (CVE-2019-13990) * jetty: double release of resource can lead to information disclosure (CVE-2019-17638) * keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714) * springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution (CVE-2020-11972) * camel: Netty enables Java deserialization by default which could leed to remote code execution (CVE-2020-11973) * shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass (CVE-2020-11989) * camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994) * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) * shiro: specially crafted HTTP request may cause an authentication bypass (CVE-2020-13933) * RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326) * jackson-modules-java8: DoS due to an Improper Input Validation (CVE-2018-1000873) * thrift: Endless loop when feed with specific input data (CVE-2019-0205) * thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210) * mysql-connector-java: privilege escalation in MySQL connector (CVE-2019-2692) * spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3773) * spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3774) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219) * org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library (CVE-2019-11777) * cxf: does not restrict the number of message attachments (CVE-2019-12406) * cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423) * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href" (CVE-2019-17566) * Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343) * Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719) * apache-flink: JMX information disclosure vulnerability (CVE-2020-1960) * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226) * tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers (CVE-2020-9489) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612) * camel: DNS Rebinding in JMX Connector could result in remote command execution (CVE-2020-11971) * karaf: A remote client could create MBeans from arbitrary URLs (CVE-2020-11980) * tika: excessive memory usage in PSDParser (CVE-2020-1950) * log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability 1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution 1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution 1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers 1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass 1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs 1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML 1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components 1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS 1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure 1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass 1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library 5. References: https://access.redhat.com/security/cve/CVE-2018-1000873 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-2692 https://access.redhat.com/security/cve/CVE-2019-3773 https://access.redhat.com/security/cve/CVE-2019-3774 https://access.redhat.com/security/cve/CVE-2019-10202 https://access.redhat.com/security/cve/CVE-2019-10219 https://access.redhat.com/security/cve/CVE-2019-11777 https://access.redhat.com/security/cve/CVE-2019-12406 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-13990 https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2019-17566 https://access.redhat.com/security/cve/CVE-2019-17638 https://access.redhat.com/security/cve/CVE-2019-19343 https://access.redhat.com/security/cve/CVE-2020-1714 https://access.redhat.com/security/cve/CVE-2020-1719 https://access.redhat.com/security/cve/CVE-2020-1950 https://access.redhat.com/security/cve/CVE-2020-1960 https://access.redhat.com/security/cve/CVE-2020-5398 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-9488 https://access.redhat.com/security/cve/CVE-2020-9489 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-11612 https://access.redhat.com/security/cve/CVE-2020-11971 https://access.redhat.com/security/cve/CVE-2020-11972 https://access.redhat.com/security/cve/CVE-2020-11973 https://access.redhat.com/security/cve/CVE-2020-11980 https://access.redhat.com/security/cve/CVE-2020-11989 https://access.redhat.com/security/cve/CVE-2020-11994 https://access.redhat.com/security/cve/CVE-2020-13692 https://access.redhat.com/security/cve/CVE-2020-13933 https://access.redhat.com/security/cve/CVE-2020-14326 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.8.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX9n5stzjgjWX9erEAQhLEA/+P1hIAPgSOz6uLDvvZvm73qyxbuISD92X kJ158V+IX64dMlCuUCfFFKiuRCsDzhCSi52P4m8q06OskS1QndEmjfSixER/pG8X YJKatVpbxbVE3V2U/wRRfrG/j18UhwNatS3VouvdKOXwQewWb0TaGwGJ9wdZLDMd 7owlOwqQ1dOh2AMS3NWAeNBSzQtfk0GUb61+V1WRdCBs/PII1roRJyZEGEBsIZtg z66CncAjMwL7zj/ZRYK7ogWL20HwMgCQ3oAHo1ENM5k6o7scqRArhMKPthdtF88y AwqPo8ocQCE5JB66tbUie6ze2sYPgBflWSJ0zEv3suyUbzLyO2d1utzyXn24ffYN 0F1gY0YFsLiNRZPfdtGx+cPB5dlBOnnJUOTXA1e87CXohPRKqWuqQaxChGQY8CiH ZiWg2U/NLuBgg7SkL1Vm9Fqfe06roAfDQLL4nnd8BcRkmhNWG7KL2ve2fRDbfqKT RH9x3XbHhD0cfvTFaEj0qVojsSCjVrE+SeJdluDY21kf0OxspVDMffQ0WD2cNVFh PgaQJt4ItTfkanw7cKs1GNH4WjMmpuAfe2lzR3JBLlkSvf7iqiPVIrIY+NAOHYG0 Mtx6d3mbwr91KjGg3lXOoM+tTFjOiCZMr/k7WIt3VllJpBP18cbAXeGtEmpMg+jA f8t2frnd7kM=jGVK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.43

sources: NVD: CVE-2020-5398 // JVNDB: JVNDB-2020-001405 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-183523 // VULMON: CVE-2020-5398 // PACKETSTORM: 160562

AFFECTED PRODUCTS

vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	oracle	model:	retail financial integration	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	retail order broker	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	oracle	model:	communications cloud native core policy	scope:	eq	version:	1.5.0	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	lt	version:	5.2.3	Trust: 1.0
vendor:	oracle	model:	healthcare master person index	scope:	eq	version:	4.0.2	Trust: 1.0
vendor:	oracle	model:	rapid planning	scope:	eq	version:	12.2	Trust: 1.0
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	16.0.3	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	retail back office	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	retail order broker	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	financial services regulatory reporting with agilereporter	scope:	eq	version:	8.0.9.2.0	Trust: 1.0
vendor:	oracle	model:	insurance calculation engine	scope:	gte	version:	11.0.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management elastic charging engine	scope:	eq	version:	11.3	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	retail predictive application server	scope:	eq	version:	15.0.3	Trust: 1.0
vendor:	oracle	model:	retail assortment planning	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	gte	version:	5.1.0	Trust: 1.0
vendor:	oracle	model:	communications policy management	scope:	eq	version:	12.5.0	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications billing and revenue management elastic charging engine	scope:	eq	version:	12.0	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	gte	version:	4.0.0	Trust: 1.0
vendor:	oracle	model:	retail predictive application server	scope:	eq	version:	14.1.3.0	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	retail returns management	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	oracle	model:	retail assortment planning	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	15.0.3	Trust: 1.0
vendor:	oracle	model:	rapid planning	scope:	eq	version:	12.1	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	retail bulk data integration	scope:	eq	version:	16.0.3.0	Trust: 1.0
vendor:	netapp	model:	data availability services	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	retail point-of-service	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	oracle	model:	siebel engineering - installer \& deployment	scope:	lte	version:	2.1.1	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	gte	version:	5.2.0	Trust: 1.0
vendor:	oracle	model:	retail predictive application server	scope:	eq	version:	14.0.3	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	oracle	model:	insurance calculation engine	scope:	lte	version:	11.3.1	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	4.0.12	Trust: 1.0
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.2.1.0	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	lt	version:	5.1.13	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	lt	version:	5.0.16	Trust: 1.0
vendor:	oracle	model:	retail predictive application server	scope:	eq	version:	16.0.3.0	Trust: 1.0
vendor:	oracle	model:	mysql	scope:	lte	version:	8.0.20	Trust: 1.0
vendor:	oracle	model:	retail central office	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	application testing suite	scope:	eq	version:	13.3.0.1	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.2.2.0	Trust: 1.0
vendor:	oracle	model:	retail financial integration	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	pivotal	model:	spring framework	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-001405 // NVD: CVE-2020-5398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5398
value:	HIGH
Trust: 1.0
security@pivotal.io:	CVE-2020-5398
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-5398
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202001-839
value:	HIGH
Trust: 0.6
VULHUB:	VHN-183523
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-5398
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-5398
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-183523
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5398
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0
security@pivotal.io:	CVE-2020-5398
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2020-5398
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-183523 // VULMON: CVE-2020-5398 // JVNDB: JVNDB-2020-001405 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202001-839 // NVD: CVE-2020-5398 // NVD: CVE-2020-5398

PROBLEMTYPE DATA

problemtype:	CWE-494	Trust: 1.9
problemtype:	CWE-79	Trust: 1.0

sources: VULHUB: VHN-183523 // JVNDB: JVNDB-2020-001405 // NVD: CVE-2020-5398

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 160562 // CNNVD: CNNVD-202001-839

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001405

PATCH

title:	CVE-2020-5398: RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application	url:	https://pivotal.io/security/cve-2020-5398	Trust: 0.8
title:	Pivotal Software Spring Framework Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110175	Trust: 0.6
title:	Red Hat: Important: Red Hat Fuse 7.8.0 release and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205568 - Security Advisory	Trust: 0.1
title:	CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC	url:	https://github.com/motikan2010/CVE-2020-5398	Trust: 0.1
title:	Wapiti - Web Vulnerability Scanner	url:	https://github.com/wapiti-scanner/wapiti	Trust: 0.1
title:	SpringSecurity	url:	https://github.com/ax1sX/SpringSecurity	Trust: 0.1
title:	-	url:	https://github.com/pctF/vulnerable-app	Trust: 0.1

sources: VULMON: CVE-2020-5398 // JVNDB: JVNDB-2020-001405 // CNNVD: CNNVD-202001-839

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5398	Trust: 2.7
db:	JVNDB	id:	JVNDB-2020-001405	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-839	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021042844	Trust: 0.6
db:	CS-HELP	id:	SB2021072772	Trust: 0.6
db:	CS-HELP	id:	SB2021072132	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4464	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3485	Trust: 0.6
db:	VULHUB	id:	VHN-183523	Trust: 0.1
db:	VULMON	id:	CVE-2020-5398	Trust: 0.1
db:	PACKETSTORM	id:	160562	Trust: 0.1

sources: VULHUB: VHN-183523 // VULMON: CVE-2020-5398 // JVNDB: JVNDB-2020-001405 // PACKETSTORM: 160562 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202001-839 // NVD: CVE-2020-5398

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.3
url:	https://pivotal.io/security/cve-2020-5398	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210917-0006/	Trust: 1.7
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2020.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5398	Trust: 1.4
url:	https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf%40%3cissues.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad%40%3cissues.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b%40%3cissues.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3ccommits.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3cissues.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d%40%3cdev.rocketmq.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163%40%3cissues.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682%40%3cissues.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3cissues.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6%40%3cdev.rocketmq.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46%40%3ccommits.servicecomb.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d%40%3cissues.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc%40%3cissues.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a%40%3ccommits.servicecomb.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3cdev.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3cdev.ambari.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090%40%3cissues.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d%40%3ccommits.servicecomb.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048%40%3cissues.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f%40%3cdev.geode.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160%40%3cdev.rocketmq.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc%40%3cdev.geode.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3%40%3cdev.rocketmq.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6%40%3ccommits.karaf.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8%40%3ccommits.camel.apache.org%3e	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5398	Trust: 0.8
url:	https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d@%3cdev.rocketmq.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6@%3cdev.rocketmq.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46@%3ccommits.servicecomb.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a@%3ccommits.servicecomb.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d@%3ccommits.servicecomb.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3@%3cdev.rocketmq.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3ccommits.ambari.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3cdev.ambari.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3cdev.ambari.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3cissues.ambari.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3cissues.ambari.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8@%3ccommits.camel.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f@%3cdev.geode.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc@%3cdev.geode.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc@%3ccommits.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090@%3cissues.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d@%3cissues.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc@%3cissues.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b@%3cissues.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf@%3cissues.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682@%3cissues.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048@%3cissues.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163@%3cissues.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad@%3cissues.karaf.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160@%3cdev.rocketmq.apache.org%3e	Trust: 0.7
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072772	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4464/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072132	Trust: 0.6
url:	https://vigilance.fr/vulnerability/spring-framework-file-reading-via-content-disposition-reflected-file-download-31360	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042844	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujul2021.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3485/	Trust: 0.6
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1719	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.8.0	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12406	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11972	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-2692	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9488	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000873	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11989	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10740	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17566	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11980	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11972	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1950	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12406	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11989	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3774	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0210	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11612	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11980	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1960	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0205	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1393	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11971	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17566	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000873	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7226	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10219	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9489	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14326	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13692	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14900	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0210	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10202	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10202	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10683	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3773	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13692	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10683	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11994	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10219	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1714	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-5398	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11777	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14900	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13933	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12423	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3774	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10740	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11612	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12423	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2692	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19343	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11994	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11971	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19343	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5568	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3773	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0205	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11777	Trust: 0.1

sources: VULHUB: VHN-183523 // JVNDB: JVNDB-2020-001405 // PACKETSTORM: 160562 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202001-839 // NVD: CVE-2020-5398

CREDITS

Red Hat

Trust: 0.1

sources: PACKETSTORM: 160562

SOURCES

db:	VULHUB	id:	VHN-183523
db:	VULMON	id:	CVE-2020-5398
db:	JVNDB	id:	JVNDB-2020-001405
db:	PACKETSTORM	id:	160562
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202001-839
db:	NVD	id:	CVE-2020-5398

LAST UPDATE DATE

2024-08-14T12:29:28.040000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183523	date:	2022-07-25T00:00:00
db:	VULMON	id:	CVE-2020-5398	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-001405	date:	2020-02-06T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202001-839	date:	2022-07-26T00:00:00
db:	NVD	id:	CVE-2020-5398	date:	2023-11-07T03:23:46.420

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183523	date:	2020-01-17T00:00:00
db:	VULMON	id:	CVE-2020-5398	date:	2020-01-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-001405	date:	2020-02-06T00:00:00
db:	PACKETSTORM	id:	160562	date:	2020-12-16T18:17:52
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202001-839	date:	2020-01-16T00:00:00
db:	NVD	id:	CVE-2020-5398	date:	2020-01-17T00:15:12.103