CRITICAL✓ PATCH🇬🇧 English

CVE-2019-3773

CVSS 9.8v3.1pub. 2019-01-18upd. 2024-11-21

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle Financial Services Analytical Applications Infrastructure

    APP
    Oracle
    8.0.6 – 8.1.0
  • Oracle Flexcube Private Banking

    APP
    Oracle
    12.0.012.1.0
  • Pivotal Software Spring Web Services

    APP
    Pivotal Software
    ≤ 2.4.33.0.0 – 3.0.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XXE
CWE
Referencje

Powiązane podatności

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2025-53037CRITICAL9.8PL ✓ten sam produkt

Pominięcie uwierzytelnienia w Oracle Financial Services Analytical Applications Infrastructure

CVE-2021-26291CRITICAL9.1ten sam produkt

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may ...

CVE-2020-11998CRITICAL9.8ten sam produkt

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to ...