CVE-2019-3773
published 2019-01-18CVE-2019-3773: Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | financial_services_analytical_applications_infrastructure | 8.0.6 – 8.1.0 | — |
| oracle | flexcube_private_banking | — | — |
| oracle | flexcube_private_banking | — | — |
| pivotal_software | spring_web_services | <= 2.4.3 | — |
| pivotal_software | spring_web_services | 3.0.0 – 3.0.4 | — |
| spring | spring_web_services | >= 2.4 < v2.4.3.RELEASE | v2.4.3.RELEASE |
| spring | spring_web_services | >= 3.0 < v3.0.4.RELEASE | v3.0.4.RELEASE |