CVE-2020-5398
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user-supplied input.
Cross-site Scripting
Vendor | Product | Version |
---|---|---|
vmware | spring_framework | 5.0.0 ≤ 𝑥 < 5.0.16 |
vmware | spring_framework | 5.1.0 ≤ 𝑥 < 5.1.13 |
vmware | spring_framework | 5.2.0 ≤ 𝑥 < 5.2.3 |
oracle | application_testing_suite | 13.3.0.1 |
oracle | communications_billing_and_revenue_management_elastic_charging_engine | 11.3 |
oracle | communications_billing_and_revenue_management_elastic_charging_engine | 12.0 |
oracle | communications_cloud_native_core_policy | 1.5.0 |
oracle | communications_diameter_signaling_router | 8.0.0 ≤ 𝑥 ≤ 8.2.2 |
oracle | communications_element_manager | 8.1.1 |
oracle | communications_element_manager | 8.2.0 |
oracle | communications_element_manager | 8.2.1 |
oracle | communications_policy_management | 12.5.0 |
oracle | communications_session_report_manager | 8.1.1 |
oracle | communications_session_report_manager | 8.2.0 |
oracle | communications_session_report_manager | 8.2.1 |
oracle | communications_session_route_manager | 8.1.1 |
oracle | communications_session_route_manager | 8.2.0 |
oracle | communications_session_route_manager | 8.2.1 |
oracle | enterprise_manager_base_platform | 13.2.1.0 |
oracle | financial_services_regulatory_reporting_with_agilereporter | 8.0.9.2.0 |
oracle | flexcube_private_banking | 12.0.0 |
oracle | flexcube_private_banking | 12.1.0 |
oracle | healthcare_master_person_index | 4.0.2 |
oracle | insurance_calculation_engine | 11.0.0 ≤ 𝑥 ≤ 11.3.1 |
oracle | insurance_policy_administration_j2ee | 10.2.0 |
oracle | insurance_policy_administration_j2ee | 10.2.4 |
oracle | insurance_policy_administration_j2ee | 11.0.2 |
oracle | insurance_policy_administration_j2ee | 11.1.0 |
oracle | insurance_policy_administration_j2ee | 11.2.0 |
oracle | insurance_policy_administration_j2ee | 11.2.2.0 |
oracle | insurance_rules_palette | 10.2.0 |
oracle | insurance_rules_palette | 10.2.4 |
oracle | insurance_rules_palette | 11.0.2 |
oracle | insurance_rules_palette | 11.1.0 |
oracle | insurance_rules_palette | 11.2.0 |
oracle | mysql | 4.0.0 ≤ 𝑥 ≤ 4.0.12 |
oracle | mysql | 8.0.0 ≤ 𝑥 ≤ 8.0.20 |
oracle | rapid_planning | 12.1 |
oracle | rapid_planning | 12.2 |
oracle | retail_assortment_planning | 15.0 |
oracle | retail_assortment_planning | 16.0 |
oracle | retail_back_office | 14.1 |
oracle | retail_bulk_data_integration | 16.0.3.0 |
oracle | retail_central_office | 14.1 |
oracle | retail_financial_integration | 15.0 |
oracle | retail_financial_integration | 16.0 |
oracle | retail_integration_bus | 15.0.3 |
oracle | retail_integration_bus | 16.0.3 |
oracle | retail_order_broker | 15.0 |
oracle | retail_order_broker | 16.0 |
oracle | retail_point-of-service | 14.1 |
oracle | retail_predictive_application_server | 14.0.3 |
oracle | retail_predictive_application_server | 14.1.3.0 |
oracle | retail_predictive_application_server | 15.0.3 |
oracle | retail_predictive_application_server | 16.0.3.0 |
oracle | retail_returns_management | 14.1 |
oracle | retail_service_backbone | 15.0 |
oracle | retail_service_backbone | 16.0 |
oracle | siebel_engineering_-_installer_\&_deployment | 𝑥 ≤ 2.1.1 |
oracle | weblogic_server | 12.2.1.3.0 |
oracle | weblogic_server | 12.2.1.4.0 |
netapp | data_availability_services | - |
netapp | snapcenter | - |