Lucene search
PivotalCVELIST:CVE-2020-5427HistoryJan 25, 2021 - 12:00 a.m.
CVE-2020-5427 Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
2021-01-2500:00:00
CWE-89
pivotal
www.cve.org
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
0.001 Low
EPSS
Percentile
38.2%
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.
CNA Affected
[
{
"product": "Spring Cloud Data Flow",
"vendor": "Spring by VMware",
"versions": [
{
"lessThan": "2.6.5",
"status": "affected",
"version": "2.6",
"versionType": "custom"
},
{
"lessThan": "2.5.4",
"status": "affected",
"version": "2.5",
"versionType": "custom"
}
]
}
]References
Related
osv
osv
CVE-2020-5427
2021-01-27 18:15:13
BIT-spring-cloud-dataflow-2020-5427
2024-03-06 11:05:17
cve
cve
CVE-2020-5427
2021-01-27 18:15:13
prion
prion
Sql injection
2021-01-27 18:15:00
nvd
nvd
CVE-2020-5427
2021-01-27 18:15:13
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
0.001 Low
EPSS
Percentile
38.2%
Related for CVELIST:CVE-2020-5427