CVE-2020-5421

Medium

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections…

pivotal·NVD-CWE-noinfo·Published 2020-09-19

CVSS

6.5

EPSS

0.11

KEV

Exploits

cve.orgen

272 chars

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

NVDen

272 chars

OSV.deven

272 chars

GHSAen

272 chars

NVDes

280 chars

En Spring Framework versiones 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28 y versiones anteriores no compatibles, las protecciones contra ataques RFD del CVE-2015 -5211 puede ser omitidas según el navegador usado mediante el uso de un parámetro de ruta jsessionid

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	3.6	3.9	4.9	AV:N/AC:H/Au:S/C:P/I:P/A:N
3.0	Primary	cve.org	8.7	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
3.0	Primary	cve.org	8.7	—	—	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
3.0	Secondary	NVD	8.7	2.3	5.8	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
3.1	Primary	NVD	6.5	1.3	4.7	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
3.1	Secondary	GHSA	6.5	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N