CVE-2016-9878

🗓️ 29 Dec 2016 09:02:00Reported by dellType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 133 Views

An issue in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.

Reporter	Title	Published	Views	Family All 47
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability	28 Sep 201804:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities	2 Dec 202219:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)	12 Jan 202114:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities	16 Jun 201822:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities	22 Jun 202316:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling B2B Integrator vulnerable to multiple vulnerabilities due to Spring Framework	13 May 202214:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2016-5007, CVE-2016-9878)	16 Jun 201822:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities	18 Feb 201914:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7	24 Oct 202411:46	–	ibm
Atlassian	Insecure version of Spring Web MVC used in Confluence Analytics	19 Feb 202022:31	–	atlassian

NVD

Node

pivotal_software spring_frameworkRange≤3.2.0

pivotal_software spring_frameworkMatch4.2.0

pivotal_software spring_frameworkMatch4.3.0

vmware spring_frameworkMatch3.2.1

vmware spring_frameworkMatch3.2.2

vmware spring_frameworkMatch3.2.3

vmware spring_frameworkMatch3.2.4

vmware spring_frameworkMatch3.2.5

vmware spring_frameworkMatch3.2.6

vmware spring_frameworkMatch3.2.7

vmware spring_frameworkMatch3.2.8

vmware spring_frameworkMatch3.2.9

vmware spring_frameworkMatch3.2.10

vmware spring_frameworkMatch3.2.11

vmware spring_frameworkMatch3.2.12

vmware spring_frameworkMatch3.2.13

vmware spring_frameworkMatch3.2.14

vmware spring_frameworkMatch3.2.15

vmware spring_frameworkMatch3.2.16

vmware spring_frameworkMatch3.2.17

vmware spring_frameworkMatch4.2.1

vmware spring_frameworkMatch4.2.2

vmware spring_frameworkMatch4.2.3

vmware spring_frameworkMatch4.2.4

vmware spring_frameworkMatch4.2.5

vmware spring_frameworkMatch4.2.6

vmware spring_frameworkMatch4.2.7

vmware spring_frameworkMatch4.2.8

vmware spring_frameworkMatch4.3.1

vmware spring_frameworkMatch4.3.2

vmware spring_frameworkMatch4.3.3

vmware spring_frameworkMatch4.3.4

[
  {
    "product": "Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
oracle	www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
pivotal	www.pivotal.io/security/cve-2016-9878
oracle	www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
lists	www.lists.debian.org/debian-lts-announce/2019/07/msg00012.html
securityfocus	www.securityfocus.com/bid/95072
access	www.access.redhat.com/errata/RHSA-2017:3115
securitytracker	www.securitytracker.com/id/1040698
oracle	www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
security	www.security.netapp.com/advisory/ntap-20180419-0002/

06 May 2026 22:30Current

8.1High risk

Vulners AI Score8.1

CVSS 25

CVSS 37.5

EPSS0.04927

CWE-22