The vulnerability of the Spring Framework component of the Oracle Retail Order Broker software product allows a hacker to gain full control over the application.

🗓️ 10 Jun 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

Vulnerability in Spring Framework of Oracle Retail Order Broker allows full control via web protocol.

Reporter	Title	Published	Views	Family All 108
Gitee	Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform	8 Dec 202020:38	–	gitee
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	13 Aug 202122:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities	7 Oct 202022:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	2 Jul 202019:10	–	ibm
Atlassian	Spring Framework Vulnerability - CVE-2020-5398	17 Feb 202006:00	–	atlassian
Atlassian	Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities	3 Feb 202122:39	–	atlassian
Atlassian	Update application links to 5.4.23 to fix CVE-2020-5398	3 Feb 202122:45	–	atlassian
Atlassian	Spring Framework Vulnerability - CVE-2020-5398	17 Feb 202006:00	–	atlassian
Atlassian	Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities	3 Feb 202122:39	–	atlassian
Atlassian	Update application links to 5.4.23 to fix CVE-2020-5398	3 Feb 202122:45	–	atlassian

Vulners

Node

oracle weblogic_serverMatch12.2.1.3.0

oracle oracle_retail_order_brokerMatch15.0

oracle oracle_retail_order_brokerMatch16.0

red_hat red_hat_jboss_fuseMatch7

oracle application_testing_suiteMatch13.3.0.1

oracle weblogic_serverMatch12.2.1.4.0

oracle oracle_retail_predictive_application_serverMatch15.0.3

oracle oracle_retail_predictive_application_serverMatch16.0.3

oracle oracle_retail_assortment_planningMatch15.0

oracle oracle_retail_assortment_planningMatch16.0

oracle oracle_communications_element_managerMatch8.1.1

oracle oracle_communications_element_managerMatch8.2.0

oracle oracle_communications_session_report_managerMatch8.1.1

oracle oracle_communications_session_report_managerMatch8.2.0

oracle oracle_communications_session_route_managerMatch8.1.1

oracle oracle_communications_session_route_managerMatch8.2.0

oracle oracle_retail_financial_integrationMatch15.0

oracle oracle_retail_financial_integrationMatch16.0

pivotal_software spring_frameworkRange5.2.0–5.2.3

pivotal_software spring_frameworkRange5.0.0–5.0.16

pivotal_software spring_frameworkRange5.1.1–5.1.13

pivotal_software spring_frameworkMatch5.1.0

oracle communications_brm_-_elastic_charging_engineMatch11.3

oracle communications_brm_-_elastic_charging_engineMatch12.0

oracle oracle_communications_element_managerMatch8.2.1

oracle oracle_communications_session_report_managerMatch8.2.1

oracle oracle_communications_session_route_managerMatch8.2.1

oracle oracle_healthcare_master_person_indexMatch4.0.2

oracle insurance_policy_administration_j2eeMatch10.2.0

oracle insurance_policy_administration_j2eeMatch10.2.4

oracle insurance_policy_administration_j2eeMatch11.0.2

oracle insurance_policy_administration_j2eeMatch11.1.0

oracle insurance_policy_administration_j2eeMatch11.2.0

oracle oracle_insurance_rules_paletteMatch10.2.0

oracle oracle_insurance_rules_paletteMatch10.2.4

oracle oracle_insurance_rules_paletteMatch11.0.2

oracle oracle_insurance_rules_paletteMatch11.1.0

oracle oracle_insurance_rules_paletteMatch11.2.0

oracle mysql_enterprise_monitorRange≤4.0.12

oracle mysql_enterprise_monitorRange≤8.0.20

oracle oracle_retail_predictive_application_serverMatch14.0.3

oracle oracle_retail_predictive_application_serverMatch14.1.3

oracle oracle_retail_service_backboneMatch15.0

oracle oracle_retail_service_backboneMatch16.0

oracle rapid_planningMatch12.1

oracle rapid_planningMatch12.2

oracle oracle_flexcube_private_bankingMatch12.0.0

oracle oracle_flexcube_private_bankingMatch12.1.0

oracle communications_diameter_signaling_routerRange8.0.0–8.2.2

oracle enterprise_manager_base_platformMatch13.2.1.0

oracle insurance_policy_administration_j2eeMatch11.2.2.0

oracle oracle_retail_bulk_data_integrationMatch16.0.3.0

Source	Link
lists	www.lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf@%3Cissues.karaf.apache.org%3E
lists	www.lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad@%3Cissues.karaf.apache.org%3E
lists	www.lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b@%3Ccommits.karaf.apache.org%3E
lists	www.lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676@%3Ccommits.karaf.apache.org%3E
lists	www.lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b@%3Cissues.karaf.apache.org%3E
lists	www.lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163@%3Cissues.karaf.apache.org%3E
lists	www.lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134@%3Ccommits.karaf.apache.org%3E
lists	www.lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc@%3Ccommits.karaf.apache.org%3E
lists	www.lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682@%3Cissues.karaf.apache.org%3E
lists	www.lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5@%3Ccommits.karaf.apache.org%3E

04 Apr 2022 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 27.6

CVSS 38

EPSS0.87966