CVE-2020-5398
CVE-2020-5398 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user-supplied input. EPSS estimates an 88.08% chance of exploitation in the next 30 days.
Description
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user-supplied input.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Spring Framework | >= 5.0.0, < 5.0.16 |
| Vmware | Spring Framework | >= 5.1.0, < 5.1.13 |
| Vmware | Spring Framework | >= 5.2.0, < 5.2.3 |
| Oracle | Application Testing Suite | 13.3.0.1 |
| Oracle | Communications Billing And Revenue Management Elastic Charging Engine | 11.3 |
| Oracle | Communications Billing And Revenue Management Elastic Charging Engine | 12.0 |
| Oracle | Communications Cloud Native Core Policy | 1.5.0 |
| Oracle | Communications Diameter Signaling Router | >= 8.0.0, <= 8.2.2 |
| Oracle | Communications Element Manager | 8.1.1 |
| Oracle | Communications Element Manager | 8.2.0 |
| Oracle | Communications Element Manager | 8.2.1 |
| Oracle | Communications Policy Management | 12.5.0 |
| Oracle | Communications Session Report Manager | 8.1.1 |
| Oracle | Communications Session Report Manager | 8.2.0 |
| Oracle | Communications Session Report Manager | 8.2.1 |
| Oracle | Communications Session Route Manager | 8.1.1 |
| Oracle | Communications Session Route Manager | 8.2.0 |
| Oracle | Communications Session Route Manager | 8.2.1 |
| Oracle | Enterprise Manager Base Platform | 13.2.1.0 |
| Oracle | Financial Services Regulatory Reporting With Agilereporter | 8.0.9.2.0 |
| Oracle | Flexcube Private Banking | 12.0.0 |
| Oracle | Flexcube Private Banking | 12.1.0 |
| Oracle | Healthcare Master Person Index | 4.0.2 |
| Oracle | Insurance Calculation Engine | >= 11.0.0, <= 11.3.1 |
| Oracle | Insurance Policy Administration J2ee | 10.2.0 |
| Oracle | Insurance Policy Administration J2ee | 10.2.4 |
| Oracle | Insurance Policy Administration J2ee | 11.0.2 |
| Oracle | Insurance Policy Administration J2ee | 11.1.0 |
| Oracle | Insurance Policy Administration J2ee | 11.2.0 |
| Oracle | Insurance Policy Administration J2ee | 11.2.2.0 |
| Oracle | Insurance Rules Palette | 10.2.0 |
| Oracle | Insurance Rules Palette | 10.2.4 |
| Oracle | Insurance Rules Palette | 11.0.2 |
| Oracle | Insurance Rules Palette | 11.1.0 |
| Oracle | Insurance Rules Palette | 11.2.0 |
| Oracle | Mysql | >= 4.0.0, <= 4.0.12 |
| Oracle | Mysql | >= 8.0.0, <= 8.0.20 |
| Oracle | Rapid Planning | 12.1 |
| Oracle | Rapid Planning | 12.2 |
| Oracle | Retail Assortment Planning | 15.0 |
| Oracle | Retail Assortment Planning | 16.0 |
| Oracle | Retail Back Office | 14.1 |
| Oracle | Retail Bulk Data Integration | 16.0.3.0 |
| Oracle | Retail Central Office | 14.1 |
| Oracle | Retail Financial Integration | 15.0 |
| Oracle | Retail Financial Integration | 16.0 |
| Oracle | Retail Integration Bus | 15.0.3 |
| Oracle | Retail Integration Bus | 16.0.3 |
| Oracle | Retail Order Broker | 15.0 |
| Oracle | Retail Order Broker | 16.0 |
Showing 50 of 63 affected configurations. See NVD for the full list.
References
- https://pivotal.io/security/cve-2020-5398 (Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20210917-0006/ (Third Party Advisory)
- https://www.oracle.com//security-alerts/cpujul2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuApr2021.html (Patch, Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuapr2020.html (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujan2021.html (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpujul2020.html (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2020.html (Third Party Advisory)
- https://www.oracle.com/security-alerts/cpuoct2021.html (Patch, Third Party Advisory)
Source: NVD / NIST
