CVE-2019-3773
CRITICAL
Spring Web Services < 2.4.3 - XML External Entity Injection
Title source: llm
Description
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
References (5)
Core References
Vendor Advisory
https://pivotal.io/security/cve-2019-3773
Patch, Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html
Not Applicable
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20231227-0011/
Scores
CVSS v3
9.8
EPSS
0.0411
EPSS Percentile
89.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (6)
oracle/financial_services_analytical_applications_infrastructure
8.0.6 - 8.1.0
oracle/flexcube_private_banking
12.0.0
oracle/flexcube_private_banking
12.1.0
org.springframework.ws/spring-ws
0 - 2.4.4 (Maven)
org.springframework.ws/spring-xml
0 - 2.4.4 (Maven)
pivotal_software/spring_web_services
< 2.4.3
Published
Jan 18, 2019
Tracked Since
Feb 18, 2026