VDB
CVE-2019-3773
CVE-2019-3773
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Reported by dell · Published January 18, 2019
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spring | Spring Web Services | 3.0, 2.4 |
| Maven | org.springframework.ws:spring-xml | 0, 0, 0 |
| Spring | Spring Web Services | 3.0, 2.4, 3.0 |
| Maven | org.springframework.ws:spring-ws | 0, 0, 0 |
Timeline
- Jan 18, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 15, 2021 CVE Updated
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score