Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
References
Link | Resource |
---|---|
https://pivotal.io/security/cve-2019-3773 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20231227-0011/ | |
https://www.oracle.com//security-alerts/cpujul2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuApr2021.html | Not Applicable |
https://www.oracle.com/security-alerts/cpujan2021.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
27 Dec 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Not Applicable | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-01-18 22:29
Updated : 2024-02-04 20:03
NVD link : CVE-2019-3773
Mitre link : CVE-2019-3773
CVE.ORG link : CVE-2019-3773
JSON object : View
Products Affected
oracle
- financial_services_analytical_applications_infrastructure
- flexcube_private_banking
pivotal_software
- spring_web_services
CWE
CWE-611
Improper Restriction of XML External Entity Reference