Vulnerability in Spring Framework (VMware)
CVE-2020-5421
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the us…
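The description above is cut off, but the NVD record for this CVE names a jsessionid path parameter as the vector: the application resolves the request path with its `;name=value` path parameters stripped, while the browser that saves the response may use the raw last path segment, parameters included, as the file name. The following is an added example, not Spring's code and not from the advisory: a simplified model of the reflected file download (RFD) guard that CVE-2015-5211 introduced (a `Content-Disposition: inline;filename=f.txt` header when the requested name has an unsafe extension), the blind spot a guard has when it looks only at the stripped path, and an access-log check for requests of that shape. The safe-extension and download-extension lists, the log format and the log lines are all constructed for the example; which name a given browser really picks varies, so `likely_download_name` shows the worst case.

```python
"""Added example; not Spring's code.  A simplified model of an RFD guard, the
blind spot CVE-2020-5421 describes (a file extension smuggled in a jsessionid
path parameter), and an access-log check for requests of that shape.

Constructed for this example, not taken from Spring or the advisory: the
safe-extension allow-list, the download-type extension list, the log format
and the sample log lines.
"""
import re
from urllib.parse import unquote

# Extensions a browser renders or treats as plain data (assumed allow-list).
SAFE_EXTENSIONS = {"txt", "text", "yml", "properties", "csv", "json", "xml",
                   "atom", "rss", "png", "jpe", "jpeg", "jpg", "gif", "wbmp", "bmp"}
# Extensions that make a saved file executable or scriptable on a client (assumed).
DOWNLOAD_EXTENSIONS = {"bat", "cmd", "com", "exe", "scr", "vbs", "vbe", "wsf",
                       "js", "jse", "hta", "ps1", "jar", "sh"}


def split_last_segment(raw_target):
    """Split the last path segment of a raw request target into
    (filename, path_params), keeping the ';name=value' path parameters that a
    servlet container strips before the application sees the path.
    '/api/users;jsessionid=5F1A.bat?name=x' -> ('users', ';jsessionid=5F1A.bat')"""
    path = raw_target.split("?", 1)[0]
    segment = path.rsplit("/", 1)[-1]
    filename, sep, params = segment.partition(";")
    return unquote(filename), unquote(sep + params)


def extension_of(text):
    """Lower-cased text after the last '.', or None when there is none."""
    idx = text.rfind(".")
    if idx == -1:
        return None
    return text[idx + 1:].lower() or None


def likely_download_name(raw_target):
    """Worst-case name a browser may save the response under: the whole raw
    last segment, path parameters included.  The application saw '/api/users';
    the user may get a '.bat' file.  (Browser behaviour varies; assumption.)"""
    filename, params = split_last_segment(raw_target)
    return filename + params


def needs_download_guard(raw_target, stripped_only=False):
    """Decide whether to add 'Content-Disposition: inline;filename=f.txt' so the
    browser cannot be steered into saving the body under a dangerous name.
    stripped_only=True models a guard that inspects the path only after path
    parameters are removed, which misses the extension smuggled inside them."""
    filename, params = split_last_segment(raw_target)
    candidates = [extension_of(filename)]
    if not stripped_only:
        candidates.append(extension_of(params))
    return any(ext is not None and ext not in SAFE_EXTENSIONS for ext in candidates)


# Constructed access-log lines (Common Log Format) for the detection below.
ACCESS_LOG = [
    '203.0.113.7 - - [10/Oct/2020:12:00:01 +0000] "GET /api/users HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2020:12:00:02 +0000] "GET /api/users;jsessionid=5F1A.bat?name=x HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Oct/2020:12:00:03 +0000] "GET /api/report.json;jsessionid=ABCD HTTP/1.1" 200 2048',
    '198.51.100.9 - - [10/Oct/2020:12:00:04 +0000] "GET /static/app.js HTTP/1.1" 200 9000',
]
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def rfd_suspects(log_lines):
    """Return (line_no, client_ip, extension) for requests whose path
    parameters carry a download-type extension.  A plain '/static/app.js' is
    a normal resource fetch and is not reported: the extension has to sit in
    the ';...' part of the last segment, where no legitimate client puts one."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = LOG_LINE.match(line)
        if not m:
            continue
        _filename, params = split_last_segment(m.group("target"))
        ext = extension_of(params)
        if ext in DOWNLOAD_EXTENSIONS:
            hits.append((line_no, m.group("ip"), ext))
    return hits


if __name__ == "__main__":
    for target in ("/api/users", "/api/users;jsessionid=5F1A.bat"):
        print(target, "->", likely_download_name(target),
              "| guard:", needs_download_guard(target),
              "| stripped-only guard:", needs_download_guard(target, stripped_only=True))
    print(rfd_suspects(ACCESS_LOG))
```

The two guard variants give the same answer for `/api/export.bat` and differ only when the extension hides in the path parameters, which is exactly the case a stripped-path check cannot see. In a real deployment the upgrade to a fixed Spring release is the fix; the log check is for finding attempts against instances that were exposed before the upgrade.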
EPSS score: 0.638 (98.4th percentile).
CVSS v3 metric
CVSS v3 base score 8.7 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N. Read against this bug: reachable over the network with low attack complexity and low privileges, but the victim has to act (UI:R, typically by following a crafted link), and the scope change (S:C) reflects that the file the browser saves lands on the victim's machine rather than in the vulnerable application; confidentiality and integrity impact are rated high, availability impact none.
Affected products
- Spring Framework (VMware), versions 4.3.x, 5.0.x, 5.1.x and 5.2.x. The description above gives the affected ranges as 4.3.0 - 4.3.28, 5.0.0 - 5.0.18, 5.1.0 - 5.1.17 and 5.2.0 - 5.2.8, plus older unsupported versions; the first fixed releases are 4.3.29, 5.0.19, 5.1.18 and 5.2.9 (4.3.29 is also the target of the Ranger and Hive upgrade tickets listed in the references).
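Checking a build against those ranges is mostly a matter of parsing Spring's version strings correctly (the `.RELEASE` qualifier, the separate release lines, and the "older unsupported versions" clause that has no fix on its own line). The following is an added example, not from the advisory or from Spring: it classifies a version string against the ranges the description lists and scans a Maven dependency listing for artifacts that need an upgrade. Assumptions made here: the first fixed release of each line is the patch release just above its listed range (4.3.29, 5.0.19, 5.1.18, 5.2.9), and the dependency listing is a constructed sample in the shape of `mvn dependency:list` output.

```python
"""Added example; not from the advisory or from Spring.  Classifies Spring
Framework versions against the ranges CVE-2020-5421 lists and scans a Maven
dependency listing for artifacts that need an upgrade.

Assumptions: fixed releases are the patch release above each listed range
(4.3.29, 5.0.19, 5.1.18, 5.2.9); the dependency listing below is constructed.
"""
import re

# (release line, first affected, last affected, first fixed)
AFFECTED_RANGES = [
    ((5, 2), (5, 2, 0), (5, 2, 8), (5, 2, 9)),
    ((5, 1), (5, 1, 0), (5, 1, 17), (5, 1, 18)),
    ((5, 0), (5, 0, 0), (5, 0, 18), (5, 0, 19)),
    ((4, 3), (4, 3, 0), (4, 3, 28), (4, 3, 29)),
]
OLDEST_LISTED_LINE = (4, 3)   # anything below is "older unsupported versions"


def parse_version(text):
    """'5.2.8.RELEASE' -> (5, 2, 8).  Qualifiers such as '.RELEASE', '.RC1' or
    '-SNAPSHOT' are ignored; only the numeric major.minor.patch is compared."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not a Spring Framework version: {text!r}")
    return tuple(int(part) for part in m.groups())


def assess(version_text):
    """Return (status, first_fixed): status is 'affected', 'fixed' or
    'not-listed'; first_fixed is a version tuple, or None when the advisory
    offers no patched release on that line (old unsupported lines)."""
    version = parse_version(version_text)
    line = version[:2]
    for listed_line, _first, last, fixed in AFFECTED_RANGES:
        if line == listed_line:
            return ("affected", fixed) if version <= last else ("fixed", None)
    if line < OLDEST_LISTED_LINE:
        return ("affected", None)   # unsupported line: no fix, move to a supported line
    return ("not-listed", None)     # a line the advisory does not name (e.g. 5.3.x)


# Constructed sample of `mvn dependency:list` output.  Mixed Spring versions
# arrive through transitive dependencies and are a smell in their own right.
MAVEN_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-core:jar:5.2.8.RELEASE:compile
[INFO]    org.springframework:spring-webmvc:jar:5.2.8.RELEASE:compile
[INFO]    org.springframework:spring-web:jar:4.3.29.RELEASE:compile
[INFO]    org.springframework:spring-aop:jar:4.2.9.RELEASE:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.11.2:compile
"""
DEP_LINE = re.compile(r"org\.springframework:(spring-[\w-]+):jar:([^:\s]+):")


def scan_dependency_list(text):
    """Return (artifact, version, upgrade_to) for every Spring Framework
    artifact in an affected range; upgrade_to is None when the line has no
    patched release and the whole line must be replaced."""
    findings = []
    for artifact, version in DEP_LINE.findall(text):
        status, fixed = assess(version)
        if status == "affected":
            upgrade_to = ".".join(map(str, fixed)) if fixed else None
            findings.append((artifact, version, upgrade_to))
    return findings


if __name__ == "__main__":
    for finding in scan_dependency_list(MAVEN_DEPENDENCY_LIST):
        print(finding)
```

The scan reports every Spring Framework artifact in range, not only spring-webmvc, because the advisory is issued for the framework as a whole and mixed artifact versions in one classpath are what usually keep a vulnerable module alive after a partial upgrade.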
Public proof-of-concept exploits
References
- tanzu.vmware.com/security/cve-2020-5421 (x_refsource_CONFIRM)
- [ranger-dev] 20201007 Re: Review Request 72934: RANGER-3022: Upgrade Spring framework to version 4.3.29.RELEASE (mailing-list, x_refsource_MLIST)
- [ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (mailing-list, x_refsource_MLIST)
- [ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (mailing-list, x_refsource_MLIST)
- [ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (mailing-list, x_refsource_MLIST)
- [ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246) (mailing-list, x_refsource_MLIST)
- [ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (mailing-list, x_refsource_MLIST)
- [hive-dev] 20201022 [jira] [Created] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421 (mailing-list, x_refsource_MLIST)
- [hive-issues] 20201022 [jira] [Assigned] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421 (mailing-list, x_refsource_MLIST)
- [hive-issues] 20201022 [jira] [Updated] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421 (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2020-5421?
- CVE-2020-5421 is a high-severity vulnerability in Spring Framework (VMware), classified under CWE-20 (Improper Input Validation). CVSS v3 base score: 8.7/10. Published 2020-09-19.
- How severe is CVE-2020-5421?
- High severity. CVSS v3 base score is 8.7 out of 10.
- Is CVE-2020-5421 known to be exploited?
- 20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.