2018-04-06 15:29:00 2019-07-03 21:15:11

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected products (each entry is listed as not an official CPE):

Oracle Application testing suite: 12.5.0.3, 13.1.0.1, 13.2.0.1, 13.3.0.1
Oracle Big data discovery: 1.6.0
Oracle Communications diameter signaling router: 6.0, 8.1, 8.2
Oracle Enterprise manager ops center: 12.2.2, 12.3.3
Oracle Goldengate for big data: 12.2.0.1, 12.3.1.1, 12.3.2.1
Oracle Health sciences information manager: 3.0
Oracle Healthcare master person index: 3.0, 4.0
Oracle Insurance calculation engine: 10.1.1, 10.2, 10.2.1
Oracle Insurance rules palette: 10.0, 10.1, 10.2, 11.0, 11.1
Oracle Primavera gateway: 15.2, 16.2, 17.12
Oracle Retail back office: 14.0, 14.1
Oracle Retail central office: 14.0, 14.1
Oracle Retail customer insights: 15.0, 16.0
Oracle Retail integration bus: 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.1.1, 14.1.2, 14.1.3, 15.0.0.1, 15.0.1, 15.0.2, 16.0, 16.0.1, 16.0.2
Oracle Retail open commerce platform: 5.3.0, 6.0.0, 6.0.1
Oracle Retail order broker: 5.1, 5.2, 15.0, 16.0
Oracle Retail point-of-sale: 14.0, 14.1
Oracle Retail predictive application server: 14.0, 14.1, 15.0, 16.0
Oracle Retail returns management: 14.0, 14.1
Oracle Service architecture leveraging tuxedo: 12.1.3.0.0, 12.2.2.0.0
Oracle Tape library acsls: 8.4
Pivotal software Spring framework: 4.2.9, 4.3.0, 4.3.0 -, 4.3.0 Rc1, 4.3.0 Rc2, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 5.0.0, 5.0.0 -, 5.0.0 Milestone1, 5.0.0 Milestone2, 5.0.0 Milestone3, 5.0.0 Milestone4, 5.0.0 Milestone5, 5.0.0 Rc1, 5.0.0 Rc2, 5.0.0 Rc3, 5.0.0 Rc4, 5.0.1, 5.0.2, 5.0.3, 5.0.4