Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| vmware | spring_framework | 4.3.16 | - |
| vmware | spring_framework | 5.0.0 - 5.0.5 | - |
| oracle | application_testing_suite |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
70
Affected Products
32
References
vmware / spring_framework
| - |
| - |
| oracle | application_testing_suite | - | - |
| oracle | application_testing_suite | - | - |
| oracle | application_testing_suite | - | - |
| oracle | big_data_discovery | - | - |
| oracle | communications_converged_application_server | 7.0.0.1 | - |
| oracle | communications_diameter_signaling_router | 8.3 | - |
| oracle | communications_performance_intelligence_center | 10.2.1 | - |
| oracle | communications_services_gatekeeper | 6.1.0.4.0 | - |
| oracle | enterprise_manager_ops_center | - | - |
| oracle | enterprise_manager_ops_center | - | - |
| oracle | goldengate_for_big_data | - | - |
| oracle | goldengate_for_big_data | - | - |
| oracle | goldengate_for_big_data | - | - |
| oracle | health_sciences_information_manager | - | - |
| oracle | healthcare_master_person_index | - | - |
| oracle | healthcare_master_person_index | - | - |
| oracle | insurance_calculation_engine | - | - |
| oracle | insurance_calculation_engine | - | - |
| oracle | insurance_calculation_engine | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | primavera_gateway | - | - |
| oracle | primavera_gateway | - | - |
| oracle | primavera_gateway | - | - |
| oracle | retail_back_office | - | - |
| oracle | retail_back_office | - | - |
| oracle | retail_central_office | - | - |
| oracle | retail_central_office | - | - |
| oracle | retail_customer_insights | - | - |
| oracle | retail_customer_insights | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_open_commerce_platform | - | - |
| oracle | retail_open_commerce_platform | - | - |
| oracle | retail_open_commerce_platform | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_point-of-sale | - | - |
| oracle | retail_point-of-sale | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_returns_management | - | - |
| oracle | retail_returns_management | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | service_architecture_leveraging_tuxedo | - | - |
| oracle | service_architecture_leveraging_tuxedo | - | - |
| oracle | tape_library_acsls | - | - |
| redhat | fuse | - | - |
| debian | debian_linux | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact