CVE-2019-3773

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pivotal_software:spring_web_services:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:spring_web_services:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

History

27 Dec 2023, 15:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20231227-0011/ -

05 Oct 2022, 20:36

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Not Applicable
References (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Patch, Third Party Advisory
CPE cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
First Time Oracle flexcube Private Banking

14 Jun 2021, 18:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -

30 Jan 2021, 02:36

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
References (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory

20 Jan 2021, 15:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpujan2021.html -

Information

Published : 2019-01-18 22:29

Updated : 2023-12-27 15:15


NVD link : CVE-2019-3773

Mitre link : CVE-2019-3773

CVE.ORG link : CVE-2019-3773


JSON object : View

Products Affected

oracle

  • flexcube_private_banking
  • financial_services_analytical_applications_infrastructure

pivotal_software

  • spring_web_services
CWE
CWE-611

Improper Restriction of XML External Entity Reference