CVE-2019-3772

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
vmwarespring_integration
𝑥
≤ 4.3.18
vmwarespring_integration
5.0.0 ≤
𝑥
≤ 5.0.10
vmwarespring_integration
5.1.0 ≤
𝑥
≤ 5.1.1
oracleretail_customer_management_and_segmentation_foundation
16.0
oracleretail_customer_management_and_segmentation_foundation
17.0
oracleretail_customer_management_and_segmentation_foundation
18.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106749
https://pivotal.io/security/cve-2019-3772
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.securityfocus.com/bid/106749
https://pivotal.io/security/cve-2019-3772
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html