CVE-2019-3772

EUVD-2019-0197
Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score Percentile: 83%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| vmware | spring_integration | 𝑥 ≤ 4.3.18 |
| vmware | spring_integration | 5.0.0 ≤ 𝑥 ≤ 5.0.10 |
| vmware | spring_integration | 5.1.0 ≤ 𝑥 ≤ 5.1.1 |
| oracle | retail_customer_management_and_segmentation_foundation | 16.0 |
| oracle | retail_customer_management_and_segmentation_foundation | 17.0 |
| oracle | retail_customer_management_and_segmentation_foundation | 18.0 |

𝑥 = Vulnerable software versions