In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against reflected file download (RFD) attacks from CVE-2015-5211 may be bypassed, depending on the browser used, through the use of a jsessionid path parameter.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Affected Products: 77
References: 48

| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| vmware | spring_framework | 4.3.29 | - |
| vmware | spring_framework | 5.0.0 - 5.0.19 | - |
| vmware | spring_framework | 5.1.0 - 5.1.18 | - |
| vmware | spring_framework | 5.2.0 - 5.2.9 | - |
| oracle | commerce_guided_search | - | - |
| oracle | communications_brm | - | - |
| oracle | communications_brm | - | - |
| oracle | communications_design_studio | - | - |
| oracle | communications_design_studio | - | - |
| oracle | communications_design_studio | - | - |
| oracle | communications_session_report_manager | 8.2.1 - 8.2.2.1 | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | communications_unified_inventory_management | - | - |
| oracle | endeca_information_discovery_integrator | - | - |
| oracle | enterprise_data_quality | - | - |
| oracle | enterprise_data_quality | - | - |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.6 - 8.1.0 | - |
| oracle | flexcube_private_banking | - | - |
| oracle | flexcube_private_banking | - | - |
| oracle | fusion_middleware | - | - |
| oracle | fusion_middleware | - | - |
| oracle | goldengate_application_adapters | - | - |
| oracle | healthcare_master_person_index | - | - |
| oracle | hyperion_infrastructure_technology | - | - |
| oracle | insurance_policy_administration | 11.1.0 - 11.3.0 | - |
| oracle | insurance_policy_administration | - | - |
| oracle | insurance_policy_administration | - | - |
| oracle | insurance_policy_administration | - | - |
| oracle | insurance_rules_palette | 11.1.0 - 11.3.0 | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | insurance_rules_palette | - | - |
| oracle | mysql_enterprise_monitor | 8.0.22 | - |
| oracle | mysql_enterprise_monitor | - | - |
| oracle | primavera_gateway | 16.2.0 - 16.2.11 | - |
| oracle | primavera_gateway | 17.12.0 - 17.12.9 | - |
| oracle | primavera_gateway | 18.8.0 - 18.8.10 | - |
| oracle | primavera_gateway | 19.12.0 - 19.12.10 | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | 16.1.0 - 16.2.20 | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | 17.1.0 - 17.12.19 | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | 18.1.0 - 18.8.21 | - |
| oracle | primavera_p6_enterprise_project_portfolio_management | 19.12.0 - 19.12.10 | - |
| oracle | retail_assortment_planning | - | - |
| oracle | retail_bulk_data_integration | - | - |
| oracle | retail_customer_engagement | 16.0 - 19.0 | - |
| oracle | retail_customer_management_and_segmentation_foundation | 16.0 - 19.0 | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_financial_integration | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_invoice_matching | - | - |
| oracle | retail_invoice_matching | - | - |
| oracle | retail_merchandising_system | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_order_broker | - | - |
| oracle | retail_predictive_application_server | - | - |
| oracle | retail_returns_management | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_service_backbone | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | storagetek_acsls | - | - |
| oracle | storagetek_tape_analytics_sw_tool | - | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
| netapp | oncommand_insight | - | - |
| netapp | snap_creator_framework | - | - |
| netapp | snapcenter | - | - |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N