Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
References
Link | Resource |
---|---|
https://pivotal.io/security/cve-2019-3773 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20231227-0011/ | |
https://www.oracle.com//security-alerts/cpujul2021.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuApr2021.html | Not Applicable |
https://www.oracle.com/security-alerts/cpujan2021.html | Patch Third Party Advisory |
History
27 Dec 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
05 Oct 2022, 20:36
Type | Values Removed | Values Added |
---|---|---|
References | | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Not Applicable | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* | |
First Time | Oracle flexcube Private Banking |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
30 Jan 2021, 02:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory |
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2019-01-18 22:29
Updated : 2023-12-27 15:15
NVD link : CVE-2019-3773
Mitre link : CVE-2019-3773
CVE.ORG link : CVE-2019-3773
Products Affected
oracle
- flexcube_private_banking
- financial_services_analytical_applications_infrastructure
pivotal_software
- spring_web_services
CWE
CWE-611
Improper Restriction of XML External Entity Reference