Base Score

MEDIUM6

CVE-2020-5428

In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer.

VectorNETWORK

Published Bysecurity@pivotal.io

Published DateJan 27, 2021, 18:15

Affected Versions(1)

org.springframework.cloud:spring-cloud-task-dependencies(Maven)

Introduced0

Fixed2.2.5

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.springframework.cloud:spring-cloud-task-dependencies(Maven)	0	2.2.5	N/A

Weakness Type (CWE):CWE-89

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

LOW

References

https://tanzu.vmware.com/security/cve-2020-5428

Base Score

MEDIUM6

Weakness Type (CWE):CWE-89

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

LOW

Availability (A)

LOW