Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA35B70DC41487A1542BF0D5B3225632C51D9EBDE53DB2265445D8489F75A1898
HistoryJul 11, 2019 - 7:25 p.m.

Security Bulletin: Multiple vulnerabilities in Spring Framework affect IBM InfoSphere Information Server

2019-07-1119:25:02
www.ibm.com
16

0.03 Low

EPSS

Percentile

91.0%

JSON

Summary

Multiple vulnerabilities in Spring Framework were addressed by IBM InfoSphere Information Server.

Vulnerability Details

CVEID: CVE-2015-5211 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to download arbitrary files, caused by a reflected file download attack. By using a specially crafted URL with a batch script extension, an attacker could exploit this vulnerability to download a malicious response.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130673&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-3192 DESCRIPTION: Pivotal Spring Framework is vulnerable to a denial of service, caused by the failure to properly process inline DTD declarations when DTD is partially enabled. By persuading a victim to open a specially crafted XML file, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/115554&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

Affected Products and Versions

The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server : versions 11.7

Remediation/Fixes

Product

| VRMF | APAR | Remediation/First Fix
—|—|—|—
InfoSphere Information Server, Information Server on Cloud | 11.7 | JR61139 | --Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply IBM InfoSphere Information Server 11.7.1.0 Service Pack 1

Workarounds and Mitigations

None

Related

nessus 7
fedora 5
openvas 8
osv 6
debian 1
github 3
cve 3
debiancve 3
mageia 2
nvd 3
cvelist 3
prion 3
ubuntucve 3
redhat 6
ubuntu 1
redhatcve 1
ibm 5
githubexploit 1
veracode 1
nessus
nessus
Fedora 23 : springframework-3.2.15-1.fc23 (2015-065d9953e8)
2016-03-04 00:00:00
Fedora 22 : springframework-3.2.15-1.fc22 (2015-693035254a)
2016-03-04 00:00:00
Fedora 21 : springframework-3.2.15-1.fc21 (2015-9295d75400)
2016-03-04 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: springframework-3.2.15-1.fc21
2015-11-01 22:22:42
[SECURITY] Fedora 23 Update: springframework-3.2.15-1.fc23
2015-11-01 02:58:09
[SECURITY] Fedora 22 Update: springframework-3.2.15-1.fc22
2015-11-01 21:55:23
openvas
openvas
Fedora Update for springframework FEDORA-2015-693035254
2015-11-02 00:00:00
Debian: Security Advisory (DLA-1853-1)
2019-07-14 00:00:00
Mageia: Security Advisory (MGASA-2015-0426)
2015-11-08 00:00:00
osv
osv
Files or Directories Accessible to External Parties in org.springframework:spring-core
2018-10-17 20:29:33
libspring-java - security update
2019-07-13 00:00:00
Pivotal Spring Framework DoS Attack with XML Input
2018-10-17 20:29:12
debian
debian
[SECURITY] [DLA 1853-1] libspring-java security update
2019-07-13 21:20:48
github
github
Files or Directories Accessible to External Parties in org.springframework:spring-core
2018-10-17 20:29:33
Pivotal Spring Framework DoS Attack with XML Input
2018-10-17 20:29:12
Improper Input Validation in Spring Framework
2021-04-30 17:29:51
cve
cve
CVE-2015-5211
2017-05-25 17:29:00
CVE-2015-3192
2016-07-12 19:59:00
CVE-2020-5421
2020-09-19 04:15:11
debiancve
debiancve
CVE-2015-5211
2017-05-25 17:29:00
CVE-2015-3192
2016-07-12 19:59:00
CVE-2020-5421
2020-09-19 04:15:11
mageia
mageia
Updated springframework packages fix security vulnerability
2015-11-04 21:03:05
Updated springframework package fixes security vulnerability
2015-07-29 00:01:59
nvd
nvd
CVE-2015-5211
2017-05-25 17:29:00
CVE-2015-3192
2016-07-12 19:59:00
CVE-2020-5421
2020-09-19 04:15:11
cvelist
cvelist
CVE-2015-5211
2017-05-25 17:00:00
CVE-2015-3192
2016-07-12 19:00:00
CVE-2020-5421 RFD Protection Bypass via jsessionid
2020-09-17 00:00:00
prion
prion
Input validation
2017-05-25 17:29:00
Design/Logic Flaw
2016-07-12 19:59:00
Design/Logic Flaw
2020-09-19 04:15:00
ubuntucve
ubuntucve
CVE-2015-5211
2017-05-25 00:00:00
CVE-2015-3192
2016-07-12 00:00:00
CVE-2020-5421
2020-09-19 00:00:00
redhat
redhat
(RHSA-2016:1219) Moderate: Red Hat JBoss BRMS security and bug fix update
2016-06-09 13:48:46
(RHSA-2016:1592) Moderate: Red Hat JBoss BRMS 6.3.2 security and bug fix update
2016-08-10 18:42:43
(RHSA-2016:1218) Moderate: Red Hat JBoss BPM Suite security and bug fix update
2016-06-09 13:48:35
ubuntu
ubuntu
Spring Framework vulnerabilities
2021-03-17 00:00:00
redhatcve
redhatcve
CVE-2020-5421
2020-09-21 16:59:07
ibm
ibm
Security Bulletin: [All] Spring Framework (Publicly disclosed vulnerability)
2023-06-06 05:06:05
Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities
2019-03-07 15:30:02
Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform
2023-01-26 17:01:32
githubexploit
githubexploit
Exploit for Vulnerability in Pivotal Software Spring Framework
2021-01-10 12:26:00
veracode
veracode
Reflected File Download (RFD) Attack
2020-09-18 08:14:19

0.03 Low

EPSS

Percentile

91.0%

JSON
Related for A35B70DC41487A1542BF0D5B3225632C51D9EBDE53DB2265445D8489F75A1898
nessus7fedora5openvas8osv6debian1github3cve3debiancve3mageia2nvd3cvelist3prion3ubuntucve3redhat6ubuntu1redhatcve1ibm5githubexploit1veracode1