2018-04-06 15:29:00 2020-08-31 16:15:00

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Oracle Tape library acsls 8.4 * * * (not an official CPE)
Oracle Service architecture leveraging tuxedo 12.2.2.0.0 * * * (not an official CPE)
Oracle Service architecture leveraging tuxedo 12.1.3.0.0 * * * (not an official CPE)
Oracle Retail returns management 14.1 * * * (not an official CPE)
Oracle Retail returns management 14.0 * * * (not an official CPE)
Oracle Retail predictive application server 16.0 * * * (not an official CPE)
Oracle Retail predictive application server 15.0 * * * (not an official CPE)
Oracle Retail predictive application server 14.1 * * * (not an official CPE)
Oracle Retail predictive application server 14.0 * * * (not an official CPE)
Oracle Retail point-of-sale 14.1 * * * (not an official CPE)
Oracle Retail order broker 16.0 * * * (not an official CPE)
Oracle Retail point-of-sale 14.0 * * * (not an official CPE)
Oracle Retail order broker 5.1 * * * (not an official CPE)
Oracle Retail order broker 5.2 * * * (not an official CPE)
Oracle Retail order broker 15.0 * * * (not an official CPE)
Oracle Retail open commerce platform 6.0.0 * * * (not an official CPE)
Oracle Retail open commerce platform 6.0.1 * * * (not an official CPE)
Oracle Retail integration bus 16.0.1 * * * (not an official CPE)
Oracle Retail integration bus 16.0.2 * * * (not an official CPE)
Oracle Retail open commerce platform 5.3.0 * * * (not an official CPE)
Oracle Retail integration bus 16.0 * * * (not an official CPE)
Oracle Retail integration bus 15.0.2 * * * (not an official CPE)
Oracle Retail integration bus 15.0.1 * * * (not an official CPE)
Oracle Retail integration bus 15.0.0.1 * * * (not an official CPE)
Oracle Retail integration bus 14.1.1 * * * (not an official CPE)
Oracle Retail integration bus 14.1.3 * * * (not an official CPE)
Oracle Retail integration bus 14.1.2 * * * (not an official CPE)
Oracle Retail integration bus 14.0.4 * * * (not an official CPE)
Oracle Retail integration bus 14.0.3 * * * (not an official CPE)
Oracle Retail customer insights 16.0 * * * (not an official CPE)
Oracle Retail integration bus 14.0.1 * * * (not an official CPE)
Oracle Retail integration bus 14.0.2 * * * (not an official CPE)
Oracle Retail central office 14.0 * * * (not an official CPE)
Oracle Retail central office 14.1 * * * (not an official CPE)
Oracle Retail customer insights 15.0 * * * (not an official CPE)
Oracle Retail back office 14.1 * * * (not an official CPE)
Oracle Retail back office 14.0 * * * (not an official CPE)
Oracle Primavera gateway 17.12 * * * (not an official CPE)
Oracle Primavera gateway 16.2 * * * (not an official CPE)
Oracle Primavera gateway 15.2 * * * (not an official CPE)
Oracle Insurance rules palette 11.1 * * * (not an official CPE)
Oracle Insurance rules palette 11.0 * * * (not an official CPE)
Oracle Insurance rules palette 10.2 * * * (not an official CPE)
Oracle Insurance rules palette 10.0 * * * (not an official CPE)
Oracle Insurance rules palette 10.1 * * * (not an official CPE)
Oracle Insurance calculation engine 10.2.1 * * * (not an official CPE)
Oracle Insurance calculation engine 10.2 * * * (not an official CPE)
Oracle Healthcare master person index 4.0 * * * (not an official CPE)
Oracle Insurance calculation engine 10.1.1 * * * (not an official CPE)
Oracle Healthcare master person index 3.0 * * * (not an official CPE)
Oracle Health sciences information manager 3.0 * * * (not an official CPE)
Oracle Goldengate for big data 12.3.1.1 * * * (not an official CPE)
Oracle Goldengate for big data 12.3.2.1 * * * (not an official CPE)
Oracle Goldengate for big data 12.2.0.1 * * * (not an official CPE)
Oracle Enterprise manager ops center 12.3.3 * * * (not an official CPE)
Oracle Communications services gatekeeper * * * * (not an official CPE)
Oracle Enterprise manager ops center 12.2.2 * * * (not an official CPE)
Oracle Communications performance intelligence center * * * * (not an official CPE)
Oracle Communications diameter signaling router * * * * (not an official CPE)
Oracle Communications converged application server * * * * (not an official CPE)
Oracle Application testing suite 13.3.0.1 * * * (not an official CPE)
Oracle Big data discovery 1.6.0 * * * (not an official CPE)
Oracle Application testing suite 13.2.0.1 * * * (not an official CPE)
Oracle Application testing suite 12.5.0.3 * * * (not an official CPE)
Oracle Application testing suite 13.1.0.1 * * * (not an official CPE)
Pivotal software Spring framework * * * * (not an official CPE)
Pivotal software Spring framework * * * * (not an official CPE)
Pivotal software Spring framework * * * * (not an official CPE)