CVE-2020-5421
high-risk
Published 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Do I need to act?
!
63.8% chance of exploitation in next 30 days
EPSS score — higher than 36% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10
Medium
NETWORK
/ HIGH complexity
Affected Products (20)
Communications Design Studio
Communications Design Studio
Communications Design Studio
Enterprise Data Quality
Enterprise Data Quality
References (48)
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210513-0009/
Vendor Advisory
https://tanzu.vmware.com/security/cve-2020-5421
and 28 more references
67
/ 100
high-risk
Severity
20/34 · Moderate
Exploitability
19/34 · Moderate
Exposure
28/34 · Critical