History: Jan 27, 2021 - 5:30 p.m.

CVE-2020-5427 Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query

2021-01-27 17:30:16
CWE-89
pivotal
www.cve.org
cve-2020-5427
spring cloud data flow
sql injection

CVSS3: 5.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

EPSS: 0.001
Percentile: 38.0%

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution.

CNA Affected

[
  {
    "product": "Spring Cloud Data Flow",
    "vendor": "Spring by VMware",
    "versions": [
      {
        "lessThan": "2.6.5",
        "status": "affected",
        "version": "2.6",
        "versionType": "custom"
      },
      {
        "lessThan": "2.5.4",
        "status": "affected",
        "version": "2.5",
        "versionType": "custom"
      }
    ]
  }
]
