Vulnerability Name: CVE-2020-5398 (CCN-174711) Assigned: 2020-01-16 Published: 2020-01-16 Updated: 2022-07-25 Summary: In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-494 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2020-5398 spring-cve20205398-info-disc(174711) [karaf-issues] 20200517 [jira] [Commented] (KARAF-6721) Update Spring versions due to CVE-2020-5398 [karaf-issues] 20200518 [jira] [Resolved] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398 [karaf-commits] 20200514 [GitHub] [karaf] coheigea opened a new pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 [karaf-commits] 20200518 [GitHub] [karaf] jbonofre removed a comment on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 [karaf-issues] 20200517 [jira] [Assigned] (KARAF-6721) Update Spring versions due to CVE-2020-5398 [ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246) [ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d@%3Cdev.rocketmq.apache.org%3E [karaf-issues] 20200518 [jira] [Commented] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398 [karaf-commits] 20200514 [GitHub] [karaf] coheigea commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 [karaf-commits] 20200518 [karaf] branch master updated: KARAF-6721 - Update Spring versions due to CVE-2020-5398 [karaf-issues] 20200517 [jira] [Updated] (KARAF-6721) Update Spring versions due to CVE-2020-5398 [ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6@%3Cdev.rocketmq.apache.org%3E [karaf-commits] 20200518 [karaf] branch karaf-4.2.x updated: KARAF-6721 - Update Spring versions due to CVE-2020-5398 https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46@%3Ccommits.servicecomb.apache.org%3E [karaf-issues] 20200514 [jira] [Created] (KARAF-6721) Update Spring versions due to CVE-2020-5398 [karaf-commits] 20200517 [GitHub] [karaf] jbonofre commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 [karaf-commits] 20200514 [GitHub] [karaf] skitt commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 [karaf-issues] 20200514 [jira] [Updated] (KARAF-6721) Update Spring versions due to CVE-2020-5398 https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a@%3Ccommits.servicecomb.apache.org%3E [ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 [karaf-commits] 20200518 [GitHub] [karaf] jbonofre commented on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 [ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 [karaf-issues] 20200514 [jira] [Commented] (KARAF-6721) Update Spring versions due to CVE-2020-5398 https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d@%3Ccommits.servicecomb.apache.org%3E [karaf-issues] 20200517 [jira] [Updated] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398 [karaf-commits] 20200518 [GitHub] [karaf] jbonofre merged pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 [geode-dev] 20200410 Proposal to bring GEODE-7970 to support/1.12 [rocketmq-dev] 20210317 [GitHub] [rocketmq-externals] vongosling commented on issue #690: Spring Framework CVE-2020-5398 [geode-dev] 20200410 Re: Proposal to bring GEODE-7970 to support/1.12 https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3@%3Cdev.rocketmq.apache.org%3E [karaf-commits] 20200517 [GitHub] [karaf] jbonofre commented on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398 [camel-commits] 20200220 [camel] branch camel-2.25.x updated: Updating Spring due to CVE-2020-5398 CVE-2020-5398: RFD Attack via “Content-Disposition” Header Sourced from Request Input by Spring MVC or Spring WebFlux Application https://pivotal.io/security/cve-2020-5398 https://security.netapp.com/advisory/ntap-20210917-0006/ Spring Professional Certification IBM Data Risk Manager is affected by multiple vulnerabilities IBM Data Risk Manager is affected by multiple vulnerabilities IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities N/A Oracle Critical Patch Update Advisory - April 2020 N/A Oracle Critical Patch Update Advisory - April 2021 https://www.oracle.com/security-alerts/cpuApr2021.html Oracle Critical Patch Update Advisory - January 2021 https://www.oracle.com/security-alerts/cpujan2021.html Oracle Critical Patch Update Advisory - July 2020 https://www.oracle.com/security-alerts/cpujul2020.html Oracle Critical Patch Update Advisory - July 2021 N/A Oracle Critical Patch Update Advisory - October 2020 https://www.oracle.com/security-alerts/cpuoct2020.html Oracle Critical Patch Update Advisory - October 2021 https://www.oracle.com/security-alerts/cpuoct2021.html Vulnerable Configuration: Configuration 1 :cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 5.2.0 and < 5.2.3)OR cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 5.0.0 and < 5.0.16) OR cpe:/a:vmware:spring_framework:*:*:*:*:*:*:*:* (Version >= 5.1.0 and < 5.1.13) Configuration 2 :cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.0.20) OR cpe:/a:oracle:rapid_planning:12.1:*:*:*:*:*:*:* OR cpe:/a:oracle:rapid_planning:12.2:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.2.2) OR cpe:/a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 4.0.0 and <= 4.0.12) OR cpe:/a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:* OR cpe:/a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:* OR cpe:/a:oracle:insurance_policy_administration_j2ee:11.2.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:communications_cloud_native_core_policy:1.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:siebel_engineering_-_installer_&_deployment:*:*:*:*:*:*:*:* (Version <= 2.1.1) OR cpe:/a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:* (Version >= 11.0.0 and <= 11.3.1) Configuration 3 :cpe:/a:netapp:snapcenter:-:*:*:*:*:*:*:* OR cpe:/a:netapp:data_availability_services:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:pivotal_software:spring_framework:5.2.2:*:*:*:*:*:*:* OR cpe:/a:pivotal_software:spring_framework:5.1.12:*:*:*:*:*:*:* OR cpe:/a:pivotal_software:spring_framework:5.0.15:*:*:*:*:*:*:* AND cpe:/a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_order_broker_cloud_service:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.0:*:*:*:*:*:*:* OR cpe:/a:oracle:flexcube_private_banking:12.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:data_risk_manager:2.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:data_risk_manager:2.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:data_risk_manager:2.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:data_risk_manager:2.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:data_risk_manager:2.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:data_risk_manager:2.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:data_risk_manager:2.0.6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:data_risk_manager:2.0.6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:p4:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:* OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.1:-:*:*:*:*:*:* Oval Definitions BACK
vmware spring framework *
vmware spring framework *
vmware spring framework *
oracle flexcube private banking 12.1.0
oracle insurance policy administration j2ee 10.2.0
oracle flexcube private banking 12.0.0
oracle insurance rules palette 10.2.0
oracle retail service backbone 15.0
oracle retail back office 14.1
oracle weblogic server 12.2.1.3.0
oracle application testing suite 13.3.0.1
oracle retail order broker 15.0
oracle retail order broker 16.0
oracle retail returns management 14.1
oracle retail central office 14.1
oracle retail assortment planning 15.0
oracle retail point-of-service 14.1
oracle retail predictive application server 15.0.3
oracle retail assortment planning 16.0
oracle retail financial integration 15.0
oracle retail financial integration 16.0
oracle communications policy management 12.5.0
oracle weblogic server 12.2.1.4.0
oracle mysql *
oracle rapid planning 12.1
oracle rapid planning 12.2
oracle communications element manager 8.2.0
oracle communications element manager 8.2.1
oracle communications element manager 8.1.1
oracle communications diameter signaling router *
oracle retail predictive application server 14.1.3.0
oracle retail bulk data integration 16.0.3.0
oracle retail predictive application server 16.0.3.0
oracle communications session report manager 8.1.1
oracle communications session report manager 8.2.0
oracle communications session report manager 8.2.1
oracle communications session route manager 8.1.1
oracle communications session route manager 8.2.0
oracle communications session route manager 8.2.1
oracle retail service backbone 16.0
oracle retail integration bus 15.0.3
oracle retail predictive application server 14.0.3
oracle retail integration bus 16.0.3
oracle mysql *
oracle insurance rules palette 10.2.4
oracle insurance rules palette 11.0.2
oracle insurance rules palette 11.1.0
oracle insurance rules palette 11.2.0
oracle insurance policy administration j2ee 10.2.4
oracle insurance policy administration j2ee 11.0.2
oracle insurance policy administration j2ee 11.1.0
oracle insurance policy administration j2ee 11.2.0
oracle healthcare master person index 4.0.2
oracle communications billing and revenue management elastic charging engine 11.3
oracle communications billing and revenue management elastic charging engine 12.0
oracle financial services regulatory reporting with agilereporter 8.0.9.2.0
oracle enterprise manager base platform 13.2.1.0
oracle insurance policy administration j2ee 11.2.2.0
oracle communications cloud native core policy 1.5.0
oracle siebel engineering - installer & deployment *
oracle insurance calculation engine *
netapp snapcenter -
netapp data availability services -
pivotal_software spring framework 5.2.2
pivotal_software spring framework 5.1.12
pivotal_software spring framework 5.0.15
oracle weblogic server 12.1.3.0.0
oracle retail point-of-service 14.1
oracle retail order broker cloud service 15.0
oracle retail order broker cloud service 16.0
oracle retail assortment planning 15.0
oracle weblogic server 12.2.1.3.0
oracle flexcube private banking 12.0
oracle flexcube private banking 12.1
oracle retail back office 14.1
oracle retail predictive application server 14.0.3
oracle retail predictive application server 14.1.3
oracle retail returns management 14.1
oracle retail financial integration 15.0
oracle retail financial integration 16.0
oracle retail service backbone 15.0
oracle retail service backbone 16.0
oracle retail predictive application server 15.0.3
oracle retail central office 14.1
oracle application testing suite 13.3.0.1
ibm qradar security information and event manager 7.3.0
ibm data risk manager 2.0.1
ibm data risk manager 2.0.2
ibm data risk manager 2.0.3
ibm data risk manager 2.0.4
ibm data risk manager 2.0.5
ibm data risk manager 2.0.6
ibm data risk manager 2.0.6.1
ibm data risk manager 2.0.6.2
ibm qradar security information and event manager 7.3.3 p4
ibm qradar security information and event manager 7.4.0
ibm qradar security information and event manager 7.4.1 -
Denotes that component is vulnerable