Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
References
Link | Resource |
---|---|
https://pivotal.io/security/cve-2019-3773 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20231227-0011/ | |
https://www.oracle.com//security-alerts/cpujul2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuApr2021.html | Not Applicable |
https://www.oracle.com/security-alerts/cpujan2021.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
27 Dec 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-01-18 22:29
Updated : 2024-02-28 16:48
NVD link : CVE-2019-3773
Mitre link : CVE-2019-3773
CVE.ORG link : CVE-2019-3773
JSON object : View
Products Affected
pivotal_software
- spring_web_services
oracle
- flexcube_private_banking
- financial_services_analytical_applications_infrastructure
CWE
CWE-611
Improper Restriction of XML External Entity Reference