Details of VAR-202009-1625

ID

VAR-202009-1625

CVE

CVE-2020-5421

TITLE

Spring Framework Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-011682

DESCRIPTION

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. Spring Framework Contains an unspecified vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The following products and versions are affected: 5.2.0 - 5.2.8, 5.1.0 to 5.1.17, 5.0.0 to 5.0.18, 4.3.0 to 4.3.28 and earlier unsupported versions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Fuse 7.9.0 release and security update Advisory ID: RHSA-2021:3140-01 Product: Red Hat JBoss Fuse Advisory URL: https://access.redhat.com/errata/RHSA-2021:3140 Issue date: 2021-08-11 CVE Names: CVE-2017-5645 CVE-2017-18640 CVE-2019-12402 CVE-2019-14887 CVE-2019-16869 CVE-2019-20445 CVE-2020-1695 CVE-2020-1925 CVE-2020-1935 CVE-2020-1938 CVE-2020-5410 CVE-2020-5421 CVE-2020-6950 CVE-2020-9484 CVE-2020-10688 CVE-2020-10693 CVE-2020-10714 CVE-2020-10719 CVE-2020-11996 CVE-2020-13920 CVE-2020-13934 CVE-2020-13935 CVE-2020-13936 CVE-2020-13954 CVE-2020-13956 CVE-2020-14040 CVE-2020-14297 CVE-2020-14338 CVE-2020-14340 CVE-2020-17510 CVE-2020-17518 CVE-2020-25633 CVE-2020-25638 CVE-2020-25640 CVE-2020-25644 CVE-2020-26258 CVE-2020-26945 CVE-2020-27216 CVE-2020-28052 CVE-2021-27807 CVE-2021-27906 CVE-2021-28165 ===================================================================== 1. Summary: A minor version update (from 7.8 to 7.9) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release of Red Hat Fuse 7.9.0 serves as a replacement for Red Hat Fuse 7.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * hawtio-osgi (CVE-2017-5645) * prometheus-jmx-exporter: snakeyaml (CVE-2017-18640) * apache-commons-compress (CVE-2019-12402) * karaf-transaction-manager-narayana: netty (CVE-2019-16869, CVE-2019-20445) * tomcat (CVE-2020-1935, CVE-2020-1938, CVE-2020-9484, CVE-2020-13934, CVE-2020-13935, CVE-2020-11996) * spring-cloud-config-server (CVE-2020-5410) * velocity (CVE-2020-13936) * httpclient: apache-httpclient (CVE-2020-13956) * shiro-core: shiro (CVE-2020-17510) * hibernate-core (CVE-2020-25638) * wildfly-openssl (CVE-2020-25644) * jetty (CVE-2020-27216, CVE-2021-28165) * bouncycastle (CVE-2020-28052) * wildfly (CVE-2019-14887, CVE-2020-25640) * resteasy-jaxrs: resteasy (CVE-2020-1695) * camel-olingo4 (CVE-2020-1925) * springframework (CVE-2020-5421) * jsf-impl: Mojarra (CVE-2020-6950) * resteasy (CVE-2020-10688) * hibernate-validator (CVE-2020-10693) * wildfly-elytron (CVE-2020-10714) * undertow (CVE-2020-10719) * activemq (CVE-2020-13920) * cxf-core: cxf (CVE-2020-13954) * fuse-apicurito-operator-container: golang.org/x/text (CVE-2020-14040) * jboss-ejb-client: wildfly (CVE-2020-14297) * xercesimpl: wildfly (CVE-2020-14338) * xnio (CVE-2020-14340) * flink: apache-flink (CVE-2020-17518) * resteasy-client (CVE-2020-25633) * xstream (CVE-2020-26258) * mybatis (CVE-2020-26945) * pdfbox (CVE-2021-27807, CVE-2021-27906) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. Installation instructions are available from the Fuse 7.9.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1443635 - CVE-2017-5645 log4j: Socket receiver deserialization vulnerability 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1758619 - CVE-2019-16869 netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers 1764640 - CVE-2019-12402 apache-commons-compress: Infinite loop in name encoding algorithm 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1785376 - CVE-2017-18640 snakeyaml: Billion laughs attack via alias feature 1790309 - CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl 1798509 - CVE-2019-20445 netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability 1806835 - CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE 1845626 - CVE-2020-5410 spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack 1851420 - CVE-2020-11996 tomcat: specially crafted sequence of HTTP/2 requests can lead to DoS 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857024 - CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS 1857040 - CVE-2020-13934 tomcat: OutOfMemoryException caused by HTTP/2 connection leak could lead to DoS 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS 1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling 1880101 - CVE-2020-13920 activemq: improper authentication allows MITM attack 1881158 - CVE-2020-5421 springframework: RFD protection bypass via jsessionid 1881353 - CVE-2020-25638 hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used 1881637 - CVE-2020-25640 wildfly: resource adapter logs plaintext JMS password at warning level on connection error 1885485 - CVE-2020-25644 wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1887257 - CVE-2020-26945 mybatis: mishandles deserialization of object streams which could result in remote code execution 1891132 - CVE-2020-27216 jetty: local temporary directory hijacking vulnerability 1898235 - CVE-2020-13954 cxf: XSS via the styleSheetPath 1903727 - CVE-2020-17510 shiro: specially crafted HTTP request may cause an authentication bypass 1908832 - CVE-2020-26258 XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling 1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1913312 - CVE-2020-17518 apache-flink: directory traversal attack allows remote file writing through the REST API 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1941050 - CVE-2021-27906 pdfbox: OutOfMemory-Exception while loading a crafted PDF file 1941055 - CVE-2021-27807 pdfbox: infinite loop while loading a crafted PDF file 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame 5. References: https://access.redhat.com/security/cve/CVE-2017-5645 https://access.redhat.com/security/cve/CVE-2017-18640 https://access.redhat.com/security/cve/CVE-2019-12402 https://access.redhat.com/security/cve/CVE-2019-14887 https://access.redhat.com/security/cve/CVE-2019-16869 https://access.redhat.com/security/cve/CVE-2019-20445 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1925 https://access.redhat.com/security/cve/CVE-2020-1935 https://access.redhat.com/security/cve/CVE-2020-1938 https://access.redhat.com/security/cve/CVE-2020-5410 https://access.redhat.com/security/cve/CVE-2020-5421 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-9484 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/cve/CVE-2020-11996 https://access.redhat.com/security/cve/CVE-2020-13920 https://access.redhat.com/security/cve/CVE-2020-13934 https://access.redhat.com/security/cve/CVE-2020-13935 https://access.redhat.com/security/cve/CVE-2020-13936 https://access.redhat.com/security/cve/CVE-2020-13954 https://access.redhat.com/security/cve/CVE-2020-13956 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/cve/CVE-2020-14338 https://access.redhat.com/security/cve/CVE-2020-14340 https://access.redhat.com/security/cve/CVE-2020-17510 https://access.redhat.com/security/cve/CVE-2020-17518 https://access.redhat.com/security/cve/CVE-2020-25633 https://access.redhat.com/security/cve/CVE-2020-25638 https://access.redhat.com/security/cve/CVE-2020-25640 https://access.redhat.com/security/cve/CVE-2020-25644 https://access.redhat.com/security/cve/CVE-2020-26258 https://access.redhat.com/security/cve/CVE-2020-26945 https://access.redhat.com/security/cve/CVE-2020-27216 https://access.redhat.com/security/cve/CVE-2020-28052 https://access.redhat.com/security/cve/CVE-2021-27807 https://access.redhat.com/security/cve/CVE-2021-27906 https://access.redhat.com/security/cve/CVE-2021-28165 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.9.0 https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYRQVh9zjgjWX9erEAQjAxg/+O0wRNyDejQCX7SWv2Lvo5YZVE9Azv+hd pWFbtNu1cruoiUWY2vqArIH8KmZXWYS/EDQCe4PfIB0wKZfx9dS7y19Ct4swE4Y2 3L0DRVp9YLoqZC3ndVIk3W+RSLEODc5S3IAi6twXlmiZlAwPJXDvcs7aeUAPGc0m 93Y3lZofrpaEnyEVdoUsz0M47mQQYxNJ1nPF9FuUDsOXUqiu18JS9DsuyWwONyKw dPCxfHf3ioI+ymsYjoO+fIcu3dR6lGryvsEFY3dnXePiLlp5NBrRW359K6EQGM/e f1PsXzVYrWMikmxpGaOM7KkoLPAcvtznd4G62ZGUODyAEUKLderr9M7zG88Eg2gG Ycw5D4UkJ+QZB/qHlQJHLrrzuPybGBXSdl2VLTF/m7YZSE9C2yW1ZatyahhdEP3T +MmzU6mnbuPCrYjwL/AgCGx3ap52+2eL5HvDzf7+5plY6MVpHZQb2iiIj6H58P6g ffxr6dGJdDtw5ovzls0Gor4sb69KJ+3xrRLg2C7cndd+3RJc8SCiCRUV9QE2IHTb H3cDXlNbYcqzDxQZNUUO13+GOEgXQLrIJokA3zNXzzYFr2tivmiWF6rKrJ6UnECl 86tpZfh4vcosv3nN6Cg9VAizrMm/84B4L3T4jm/mrN4SGg3CSJqa03r7ig3+oHFX H9jzBVxbmuk= =jp7z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.43

sources: NVD: CVE-2020-5421 // JVNDB: JVNDB-2020-011682 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-183546 // VULMON: CVE-2020-5421 // PACKETSTORM: 163798

AFFECTED PRODUCTS

vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	gte	version:	19.12.0	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	16.2.0	Trust: 1.0
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	oracle	model:	communications brm	scope:	eq	version:	11.3.0.9	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	gte	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	18.8.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	gte	version:	16.1.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	19.0.2	Trust: 1.0
vendor:	oracle	model:	healthcare master person index	scope:	eq	version:	4.0.2.5	Trust: 1.0
vendor:	oracle	model:	retail customer engagement	scope:	gte	version:	16.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	lte	version:	19.12.10	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	communications design studio	scope:	eq	version:	7.3.4	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	19.12.0	Trust: 1.0
vendor:	oracle	model:	retail order broker	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	lte	version:	11.3.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	14.1.1.0.0	Trust: 1.0
vendor:	netapp	model:	oncommand insight	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications unified inventory management	scope:	eq	version:	7.3.5	Trust: 1.0
vendor:	oracle	model:	retail predictive application server	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	storagetek acsls	scope:	eq	version:	8.5.1	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	retail returns management	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	gte	version:	11.1.0	Trust: 1.0
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	15.0.3	Trust: 1.0
vendor:	oracle	model:	retail invoice matching	scope:	eq	version:	14.1	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	16.2.11	Trust: 1.0
vendor:	oracle	model:	retail financial integration	scope:	eq	version:	16.0.3	Trust: 1.0
vendor:	oracle	model:	retail bulk data integration	scope:	eq	version:	16.0.3.0	Trust: 1.0
vendor:	oracle	model:	enterprise data quality	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.1.3.0.0	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	lte	version:	19.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	lte	version:	8.2.2.1	Trust: 1.0
vendor:	oracle	model:	communications design studio	scope:	eq	version:	7.3.5	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	18.8.10	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	17.12.9	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	lt	version:	5.0.19	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	lte	version:	17.12.19	Trust: 1.0
vendor:	oracle	model:	communications unified inventory management	scope:	eq	version:	7.3.4	Trust: 1.0
vendor:	oracle	model:	mysql enterprise monitor	scope:	lte	version:	8.0.22	Trust: 1.0
vendor:	oracle	model:	retail assortment planning	scope:	eq	version:	16.0.3.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	lte	version:	11.3.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	lte	version:	18.8.21	Trust: 1.0
vendor:	oracle	model:	enterprise data quality	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	gte	version:	11.1.0	Trust: 1.0
vendor:	oracle	model:	mysql enterprise monitor	scope:	eq	version:	8.0.23	Trust: 1.0
vendor:	oracle	model:	retail financial integration	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	oracle	model:	retail order broker	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	eq	version:	10.2	Trust: 1.0
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	16.0.3	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	gte	version:	5.0.0	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	15.0.3	Trust: 1.0
vendor:	oracle	model:	communications brm	scope:	eq	version:	12.0.0.3	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	gte	version:	18.1.0	Trust: 1.0
vendor:	oracle	model:	retail customer engagement	scope:	lte	version:	19.0	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	lt	version:	5.2.9	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	gte	version:	17.1.0	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	gte	version:	5.1.0	Trust: 1.0
vendor:	oracle	model:	storagetek tape analytics sw tool	scope:	eq	version:	2.3	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0.4	Trust: 1.0
vendor:	oracle	model:	retail merchandising system	scope:	eq	version:	16.0.3	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	gte	version:	16.0	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	lt	version:	5.1.18	Trust: 1.0
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	endeca information discovery integrator	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	lte	version:	16.2.20	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	15.0.4	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0.3	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0.6	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	lte	version:	19.12.10	Trust: 1.0
vendor:	oracle	model:	hyperion infrastructure technology	scope:	eq	version:	11.1.2.4	Trust: 1.0
vendor:	oracle	model:	commerce guided search	scope:	eq	version:	11.3.2	Trust: 1.0
vendor:	oracle	model:	primavera gateway	scope:	gte	version:	17.12.0	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	insurance policy administration	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	gte	version:	5.2.0	Trust: 1.0
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	14.1.3	Trust: 1.0
vendor:	oracle	model:	flexcube private banking	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	oracle	model:	goldengate application adapters	scope:	eq	version:	19.1.0.0.0	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	retail invoice matching	scope:	eq	version:	14.0	Trust: 1.0
vendor:	oracle	model:	retail service backbone	scope:	eq	version:	16.0.3	Trust: 1.0
vendor:	oracle	model:	weblogic server	scope:	eq	version:	10.3.6.0.0	Trust: 1.0
vendor:	oracle	model:	communications design studio	scope:	eq	version:	7.4.0	Trust: 1.0
vendor:	vmware	model:	spring framework	scope:	lt	version:	4.3.29	Trust: 1.0
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	retail financial integration	scope:	eq	version:	15.0.3	Trust: 1.0
vendor:	pivotal	model:	spring framework	scope:	-	version:	-	Trust: 0.8
vendor:	pivotal	model:	spring framework	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-011682 // NVD: CVE-2020-5421

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-5421
value:	MEDIUM
Trust: 1.0
security@pivotal.io:	CVE-2020-5421
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-5421
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202009-1050
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-183546
value:	LOW
Trust: 0.1
VULMON:	CVE-2020-5421
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-5421
severity:	LOW
baseScore:	3.6
vectorString:	AV:N/AC:H/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-183546
severity:	LOW
baseScore:	3.6
vectorString:	AV:N/AC:H/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-5421
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.3
impactScore:	4.7
version:	3.1
Trust: 1.0
security@pivotal.io:	CVE-2020-5421
baseSeverity:	HIGH
baseScore:	8.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	5.8
version:	3.0
Trust: 1.0
NVD:	CVE-2020-5421
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-183546 // VULMON: CVE-2020-5421 // JVNDB: JVNDB-2020-011682 // CNNVD: CNNVD-202009-1050 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-5421 // NVD: CVE-2020-5421

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-011682 // NVD: CVE-2020-5421

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 163798 // CNNVD: CNNVD-202009-1050

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202009-1050 // CNNVD: CNNVD-202104-975

PATCH

title:	CVE-2020-5421	url:	https://tanzu.vmware.com/security/cve-2020-5421	Trust: 0.8
title:	Pivotal Software Spring Framework Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128759	Trust: 0.6
title:	Debian CVElist Bug Report Logs: CVE-2020-5421	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e21ac0d0c68c20c593f7e586cb341ec5	Trust: 0.1
title:	ProjetDevJava	url:	https://github.com/delaval-htps/ProjetDevJava	Trust: 0.1
title:	Spring 安全漏洞 CVE-2020-5421复现	url:	https://github.com/pandaMingx/CVE-2020-5421	Trust: 0.1
title:	Vulnerability_Environment	url:	https://github.com/x-f1v3/Vulnerability_Environment	Trust: 0.1
title:	MergeBase LAST UPDATE 07/06/23: Vulnerable w/ Gradle	url:	https://github.com/emilywang0/MergeBase_test_vuln	Trust: 0.1
title:	SpringSecurity	url:	https://github.com/ax1sX/SpringSecurity	Trust: 0.1
title:	spring-boot-demo con Security CI/CD EJECUCION Errores Resultado final Log	url:	https://github.com/scordero1234/java_sec_demo-main	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/soosmile/POC	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1

sources: VULMON: CVE-2020-5421 // JVNDB: JVNDB-2020-011682 // CNNVD: CNNVD-202009-1050

EXTERNAL IDS

db:	NVD	id:	CVE-2020-5421	Trust: 2.7
db:	JVNDB	id:	JVNDB-2020-011682	Trust: 0.8
db:	CS-HELP	id:	SB2021042641	Trust: 0.6
db:	CS-HELP	id:	SB2021042319	Trust: 0.6
db:	CS-HELP	id:	SB2022042537	Trust: 0.6
db:	CS-HELP	id:	SB2021072778	Trust: 0.6
db:	CS-HELP	id:	SB2022012321	Trust: 0.6
db:	CS-HELP	id:	SB2021042542	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2731	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0318	Trust: 0.6
db:	CNNVD	id:	CNNVD-202009-1050	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-183546	Trust: 0.1
db:	VULMON	id:	CVE-2020-5421	Trust: 0.1
db:	PACKETSTORM	id:	163798	Trust: 0.1

sources: VULHUB: VHN-183546 // VULMON: CVE-2020-5421 // JVNDB: JVNDB-2020-011682 // PACKETSTORM: 163798 // CNNVD: CNNVD-202009-1050 // CNNVD: CNNVD-202104-975 // NVD: CVE-2020-5421

REFERENCES

url:	https://tanzu.vmware.com/security/cve-2020-5421	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 2.4
url:	https://security.netapp.com/advisory/ntap-20210513-0009/	Trust: 1.8
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5421	Trust: 1.4
url:	https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e%40%3cdev.ranger.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3cissues.ambari.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3cdev.ambari.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3cdev.ambari.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3ccommits.ambari.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3cissues.ambari.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074%40%3cdev.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3ccommits.pulsar.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec%40%3ccommits.pulsar.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3ccommits.pulsar.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc%40%3ccommits.pulsar.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb%40%3cuser.ignite.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d%40%3cuser.ignite.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665%40%3cissues.hive.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3ccommits.ambari.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3cdev.ambari.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3cdev.ambari.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3cissues.ambari.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3cissues.ambari.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3cdev.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3cissues.hive.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3cuser.ignite.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3cuser.ignite.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3ccommits.pulsar.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3ccommits.pulsar.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3ccommits.pulsar.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3ccommits.pulsar.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3cdev.ranger.apache.org%3e	Trust: 0.7
url:	https://www.ibm.com/support/pages/node/6443419	Trust: 0.6
url:	https://vigilance.fr/vulnerability/vmware-spring-framework-privilege-escalation-via-rfd-protection-bypass-33361	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-data-risk-manager-is-affected-by-multiple-vulnerabilities-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability-3/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072778	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujul2021.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-security-bypass-vulnerability-in-spring-framework-affects-ibm-control-center-cve-2020-5421/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-spring-framework-vulnerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-for-cloud-pak-for-data-1-2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-rational-test-control-panel-affected-by-spring-framework-vulnerability/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-spring-framework-as-used-by-ibm-qradar-siem-is-vulnerable-to-improper-input-validation-cve-2020-5421/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability-2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042319	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042537	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0318/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042542	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042641	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2731	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-spring-framework-vulnerability/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-spring/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012321	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-spring-framework-affects-ibm-tivoli-application-dependency-discovery-manager-cve-2020-5421-2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973381	Trust: 0.1
url:	https://github.com/delaval-htps/projetdevjava	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13936	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1925	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6950	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1935	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17510	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14338	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13920	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13954	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-18640	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3140	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13920	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-5410	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13934	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27216	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10688	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13934	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14887	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13935	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28165	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9484	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14297	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5645	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14338	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10693	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1695	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10714	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11996	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12402	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12402	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1925	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13954	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25640	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25638	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-5645	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14340	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.9.0	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14297	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-17510	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11996	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27807	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14340	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25633	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16869	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18640	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-26945	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25644	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1935	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13936	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-17518	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-27906	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-5421	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1938	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1938	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20445	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20445	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28052	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10693	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-17518	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10688	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13935	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1695	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14887	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10714	Trust: 0.1

CREDITS

Red Hat

Trust: 0.1

sources: PACKETSTORM: 163798

SOURCES

db:	VULHUB	id:	VHN-183546
db:	VULMON	id:	CVE-2020-5421
db:	JVNDB	id:	JVNDB-2020-011682
db:	PACKETSTORM	id:	163798
db:	CNNVD	id:	CNNVD-202009-1050
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2020-5421

LAST UPDATE DATE

2024-08-14T12:26:33.664000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-183546	date:	2023-03-01T00:00:00
db:	VULMON	id:	CVE-2020-5421	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-011682	date:	2021-04-09T05:31:00
db:	CNNVD	id:	CNNVD-202009-1050	date:	2022-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2020-5421	date:	2023-11-07T03:23:46.983

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-183546	date:	2020-09-19T00:00:00
db:	VULMON	id:	CVE-2020-5421	date:	2020-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-011682	date:	2021-04-09T00:00:00
db:	PACKETSTORM	id:	163798	date:	2021-08-12T15:42:56
db:	CNNVD	id:	CNNVD-202009-1050	date:	2020-09-17T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2020-5421	date:	2020-09-19T04:15:11.527