CVE-2020-5421 in Oracle Identity Managerinfo

Summary

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Responsible

Pivotal Software, Inc.

Reservation

01/03/2020

Disclosure

01/25/2023

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
251184	Oracle Identity Manager Third Party		Not defined	Official fix	CVE-2020-5421
198193	Oracle StorageTek ACSLS Software		Not defined	Official fix	CVE-2020-5421
190785	Oracle Communications Design Studio Inventory		Not defined	Official fix	CVE-2020-5421
179254	Oracle StorageTek Tape Analytics SW Tool Spring		Not defined	Official fix	CVE-2020-5421
179231	Oracle Retail Customer Engagement Spring		Not defined	Official fix	CVE-2020-5421
179215	Oracle Retail Merchandising System Spring privilege escalation		Not defined	Official fix	CVE-2020-5421
179214	Oracle Retail Customer Management and Segmentation Foundation Spring privilege escalation		Not defined	Official fix	CVE-2020-5421
179094	Oracle Enterprise Data Quality Spring privilege escalation		Not defined	Official fix	CVE-2020-5421
173632	Oracle Retail Xstore Point of Service Xenvironment privilege escalation		Not defined	Official fix	CVE-2020-5421
173631	Oracle Retail Predictive Application Server RPAS Fusion Client privilege escalation		Not defined	Official fix	CVE-2020-5421
173499	Oracle Fusion Middleware Centralized Thirdparty Jars privilege escalation		Not defined	Official fix	CVE-2020-5421
173478	Oracle FLEXCUBE Private Banking Financial Planning privilege escalation		Not defined	Official fix	CVE-2020-5421
173355	Oracle Communications Unified Inventory Management Reservations privilege escalation		Not defined	Official fix	CVE-2020-5421
168427	Oracle Retail Service Backbone RSB kernel		Not defined	Official fix	CVE-2020-5421
168426	Oracle Retail Invoice Matching Security		Not defined	Official fix	CVE-2020-5421
168425	Oracle Retail Integration Bus RIB Kernal		Not defined	Official fix	CVE-2020-5421
168424	Oracle Retail Financial Integration PeopleSoft Integration		Not defined	Official fix	CVE-2020-5421
168423	Oracle Retail Assortment Planning Application Core		Not defined	Official fix	CVE-2020-5421
168409	Oracle Retail Order Broker System Administration privilege escalation		Not defined	Official fix	CVE-2020-5421
168357	Oracle MySQL Enterprise Monitor Service Manager		Not defined	Official fix	CVE-2020-5421
168346	Oracle Insurance Rules Palette Architecture		Not defined	Official fix	CVE-2020-5421
168345	Oracle Insurance Policy Administration Architecture		Not defined	Official fix	CVE-2020-5421
168342	Oracle Hyperion Infrastructure Technology Installation/Configuration		Not defined	Official fix	CVE-2020-5421
168321	Oracle WebLogic Server Sample apps		Not defined	Official fix	CVE-2020-5421
168320	Oracle GoldenGate Application Adapters		Not defined	Official fix	CVE-2020-5421
168292	Oracle Endeca Information Discovery Integrator Integrator ETL privilege escalation		Not defined	Official fix	CVE-2020-5421
168264	Oracle Financial Services Analytical Applications Infrastructure		Not defined	Official fix	CVE-2020-5421
168184	Oracle Primavera P6 Enterprise Project Portfolio Management Web access		Not defined	Official fix	CVE-2020-5421
168183	Oracle Primavera Gateway Admin		Not defined	Official fix	CVE-2020-5421
168176	Oracle Communications Session Report Manager Spring		Not defined	Official fix	CVE-2020-5421
168164	Oracle Communications BRM Spring		Not defined	Official fix	CVE-2020-5421
161623	Spring Framework RFD privileges management	269	Not defined	Not defined	CVE-2020-5421

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!