USN-4774-1: Spring Framework vulnerabilities

🗓️ 17 Mar 2021 17:02:03Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 74 Views

Spring Framework vulnerabilities in Ubuntu 16.04 and 14.04 ESM with XML and URL handling issue

Reporter	Title	Published	Views	Family All 199
IBM Security Bulletins	Security Bulletin: Pivotal Spring Framework vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)	17 Jun 201815:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities vulnerability	28 Sep 201804:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Controller has addressed multiple vulnerabilities	2 Dec 202219:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)	12 Jan 202114:42	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities found on thirdparty libraries used by IBM® MobileFirst Platform	26 Jan 202317:01	–	ibm
IBM Security Bulletins	Security Bulletin: OpenSource GoPivotal Spring Framework Vulnerabilities affect IBM Security Guardium (CVE-2014-3578, CVE-2014-3625)	16 Jun 201821:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities	16 Jun 201822:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Directory Integrator is affected by multiple security vulnerabilities	22 Jun 202316:30	–	ibm
IBM Security Bulletins	Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVE's	16 Jun 201821:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities vulnerabilities	7 Mar 201915:30	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	14.04	any	libspring-aop-java	3.0.6.RELEASE-13ubuntu0.1~esm2	libspring-aop-java_3.0.6.RELEASE-13ubuntu0.1~esm2_any.deb
Ubuntu	16.04	any	libspring-aop-java	3.2.13-5ubuntu0.1~esm1	libspring-aop-java_3.2.13-5ubuntu0.1~esm1_any.deb
Ubuntu	14.04	any	libspring-beans-java	3.0.6.RELEASE-13ubuntu0.1~esm2	libspring-beans-java_3.0.6.RELEASE-13ubuntu0.1~esm2_any.deb
Ubuntu	16.04	any	libspring-beans-java	3.2.13-5ubuntu0.1~esm1	libspring-beans-java_3.2.13-5ubuntu0.1~esm1_any.deb
Ubuntu	14.04	any	libspring-context-java	3.0.6.RELEASE-13ubuntu0.1~esm2	libspring-context-java_3.0.6.RELEASE-13ubuntu0.1~esm2_any.deb
Ubuntu	16.04	any	libspring-context-java	3.2.13-5ubuntu0.1~esm1	libspring-context-java_3.2.13-5ubuntu0.1~esm1_any.deb
Ubuntu	14.04	any	libspring-context-support-java	3.0.6.RELEASE-13ubuntu0.1~esm2	libspring-context-support-java_3.0.6.RELEASE-13ubuntu0.1~esm2_any.deb
Ubuntu	16.04	any	libspring-context-support-java	3.2.13-5ubuntu0.1~esm1	libspring-context-support-java_3.2.13-5ubuntu0.1~esm1_any.deb
Ubuntu	14.04	any	libspring-core-java	3.0.6.RELEASE-13ubuntu0.1~esm2	libspring-core-java_3.0.6.RELEASE-13ubuntu0.1~esm2_any.deb
Ubuntu	16.04	any	libspring-core-java	3.2.13-5ubuntu0.1~esm1	libspring-core-java_3.2.13-5ubuntu0.1~esm1_any.deb

17 Mar 2021 17:02Current

7High risk

Vulners AI Score7

CVSS 29.3

CVSS 38.8

CVSS 3.19.6

EPSS0.16987

spring framework ubuntu 16.04 ubuntu 14.04 xml handling url handling directory traversal denial of service disclosure of information