2018-06-25 17:29:00 2020-07-15 05:15:00

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18, as well as older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Neither is enabled by default in Spring Framework or Spring Boot. However, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
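
A check an application owner can run over responses recorded from their own endpoints to see whether the "jsonp" or "callback" parameter still turns JSON into a script call. This is an added example, not code from the advisory or from Spring. The function names, the marker value, the sample responses and the tolerated leading /**/ comment are assumptions made for illustration.

```python
import json
import re

# Parameter names the description says activate JSONP.
JSONP_PARAMS = ("jsonp", "callback")

def is_jsonp_wrapped(body, marker):
    """True if body is a script call marker(<json>) instead of bare JSON.
    An optional leading /**/ comment is tolerated (assumed framing)."""
    pattern = r"^\s*(?:/\*\*/)?\s*" + re.escape(marker) + r"\s*\((.*)\)\s*;?\s*$"
    match = re.match(pattern, body, re.DOTALL)
    if match is None:
        return False
    try:
        json.loads(match.group(1))  # the padding must wrap real JSON
    except ValueError:
        return False
    return True

def audit(recorded, marker):
    """recorded maps (path, param) -> (content_type, body), captured from
    requests to your own application sent with ?<param>=<marker>.
    Returns the (path, param, content_type) tuples that came back wrapped."""
    findings = []
    for (path, param), (ctype, body) in sorted(recorded.items()):
        if param in JSONP_PARAMS and is_jsonp_wrapped(body, marker):
            findings.append((path, param, ctype))
    return findings

# Constructed sample data, not real traffic.
RECORDED = {
    ("/api/profile", "callback"): (
        "application/javascript",
        '/**/jsonpAudit({"user":"alice","email":"a@example.test"});'),
    ("/api/profile", "jsonp"): (
        "application/javascript", 'jsonpAudit({"user":"alice"})'),
    # Marker appears only inside a JSON string: plain JSON, not JSONP.
    ("/api/orders", "callback"): (
        "application/json", '{"orders":[],"note":"jsonpAudit(1)"}'),
    # Parameter outside the two JSONP names: ignored by the audit.
    ("/api/health", "format"): ("application/json", '{"status":"UP"}'),
}

if __name__ == "__main__":
    for finding in audit(RECORDED, "jsonpAudit"):
        print("JSONP active:", finding)
```

An empty result after upgrading or reconfiguring the view indicates the two parameters no longer change the response format for the recorded endpoints.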

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Affected products (not official CPEs; * means no specific version is listed):

Oracle Weblogic server 12.2.1.3.0
Oracle Utilities network management system 1.12.0.3
Oracle Retail customer insights 16.0
Oracle Retail customer insights 15.0
Oracle Mysql enterprise monitor *
Oracle Product lifecycle management 9.3.6
Oracle Micros lucas 2.9.5
Oracle Insurance rules palette 10.2
Oracle Hospitality guest access 4.2.0
Oracle Hospitality guest access 4.2.1
Oracle Insurance rules palette 10.0
Oracle Healthcare master person index 4.0
Oracle Healthcare master person index 3.0
Oracle Flexcube private banking 12.1.0.0
Oracle Flexcube private banking 12.0.3.0
Oracle Flexcube private banking 12.0.1.0
Oracle Enterprise manager ops center 12.3.3
Oracle Flexcube private banking 2.0.0.0
Oracle Flexcube private banking 2.2.0.1
Oracle Endeca information discovery integrator 3.2.0
Oracle Enterprise manager 13.2
Oracle Endeca information discovery integrator 3.1.0
Oracle Communications unified inventory management 7.4.0
Oracle Communications unified inventory management 7.3.5
Oracle Communications unified inventory management 7.3.4
Oracle Communications unified inventory management 7.3.2
Oracle Communications services gatekeeper *
Oracle Application testing suite 13.3.0.1
Oracle Application testing suite 13.2.0.1
Oracle Application testing suite 12.5.0.3
Oracle Application testing suite 13.1.0.1
Oracle Agile product lifecycle management 9.3.5
Oracle Agile product lifecycle management 9.3.4
Oracle Agile product lifecycle management 9.3.3
Pivotal software Spring framework *