Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2016-1000027
Critical
Low
Medium
High
Critical
9.8
CVSS Score
Vulnerability Description
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
203 configuration(s) from 1 vendor(s)
spring_framework
Version:
3.2.0
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.0:-:*:*:*:*:*:*
spring_framework
Version:
5.3.33
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.33:*:*:*:*:*:*:*
spring_framework
Version:
4.1.4
CPE:
cpe:2.3:a:vmware:spring_framework:4.1.4:*:*:*:*:*:*:*
spring_framework
Version:
4.1.0
CPE:
cpe:2.3:a:vmware:spring_framework:4.1.0:-:*:*:*:*:*:*
spring_framework
Version:
5.0.17
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.17:*:*:*:*:*:*:*
spring_framework
Version:
5.3.31
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*
spring_framework
Version:
5.3.1
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.1:*:*:*:*:*:*:*
spring_framework
Version:
5.0.11
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.11:*:*:*:*:*:*:*
spring_framework
Version:
5.1.10
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.10:*:*:*:*:*:*:*
spring_framework
Version:
4.2.5
CPE:
cpe:2.3:a:vmware:spring_framework:4.2.5:*:*:*:*:*:*:*
spring_framework
Version:
5.3.4
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.4:*:*:*:*:*:*:*
spring_framework
Version:
4.3.26
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.26:*:*:*:*:*:*:*
spring_framework
Version:
5.2.23
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.23:*:*:*:*:*:*:*
spring_framework
Version:
5.1.7
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.7:*:*:*:*:*:*:*
spring_framework
Version:
3.2.11
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.11:*:*:*:*:*:*:*
spring_framework
Version:
5.2.13
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.13:*:*:*:*:*:*:*
spring_framework
Version:
3.0.3
CPE:
cpe:2.3:a:vmware:spring_framework:3.0.3:*:*:*:*:*:*:*
spring_framework
Version:
5.3.28
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.28:*:*:*:*:*:*:*
spring_framework
Version:
5.3.37
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.37:*:*:*:*:*:*:*
spring_framework
Version:
5.3.18
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.18:*:*:*:*:*:*:*
spring_framework
Version:
4.3.20
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.20:*:*:*:*:*:*:*
spring_framework
Version:
3.1.3
CPE:
cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*
spring_framework
Version:
4.3.28
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.28:*:*:*:*:*:*:*
spring_framework
Version:
4.3.16
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.16:*:*:*:*:*:*:*
spring_framework
Version:
4.1.9
CPE:
cpe:2.3:a:vmware:spring_framework:4.1.9:*:*:*:*:*:*:*
spring_framework
Version:
5.2.16
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.16:*:*:*:*:*:*:*
spring_framework
Version:
5.1.9
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.9:*:*:*:*:*:*:*
spring_framework
Version:
5.2.17
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.17:*:*:*:*:*:*:*
spring_framework
Version:
5.3.8
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.8:*:*:*:*:*:*:*
spring_framework
Version:
5.3.19
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*
spring_framework
Version:
5.2.25
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.25:*:*:*:*:*:*:*
spring_framework
Version:
4.0.8
CPE:
cpe:2.3:a:vmware:spring_framework:4.0.8:*:*:*:*:*:*:*
spring_framework
Version:
5.0.2
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.2:*:*:*:*:*:*:*
spring_framework
Version:
5.2.14
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.14:*:*:*:*:*:*:*
spring_framework
Version:
4.3.2
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.2:*:*:*:*:*:*:*
spring_framework
Version:
5.0.10
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.10:*:*:*:*:*:*:*
spring_framework
Version:
4.3.0
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.0:-:*:*:*:*:*:*
spring_framework
Version:
4.3.1
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.1:*:*:*:*:*:*:*
spring_framework
Version:
5.3.38
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.38:*:*:*:*:*:*:*
spring_framework
Version:
4.1.1
CPE:
cpe:2.3:a:vmware:spring_framework:4.1.1:*:*:*:*:*:*:*
spring_framework
Version:
4.2.0
CPE:
cpe:2.3:a:vmware:spring_framework:4.2.0:-:*:*:*:*:*:*
spring_framework
Version:
4.0.5
CPE:
cpe:2.3:a:vmware:spring_framework:4.0.5:*:*:*:*:*:*:*
spring_framework
Version:
4.3.21
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.21:*:*:*:*:*:*:*
spring_framework
Version:
3.2.13
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.13:*:*:*:*:*:*:*
spring_framework
Version:
4.0.2
CPE:
cpe:2.3:a:vmware:spring_framework:4.0.2:*:*:*:*:*:*:*
spring_framework
Version:
5.2.9
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.9:*:*:*:*:*:*:*
spring_framework
Version:
3.0.2
CPE:
cpe:2.3:a:vmware:spring_framework:3.0.2:*:*:*:*:*:*:*
spring_framework
Version:
4.1.6
CPE:
cpe:2.3:a:vmware:spring_framework:4.1.6:*:*:*:*:*:*:*
spring_framework
Version:
5.2.2
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.2:*:*:*:*:*:*:*
spring_framework
Version:
4.3.4
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.4:*:*:*:*:*:*:*
spring_framework
Version:
5.2.21
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.21:*:*:*:*:*:*:*
spring_framework
Version:
4.1.2
CPE:
cpe:2.3:a:vmware:spring_framework:4.1.2:*:*:*:*:*:*:*
spring_framework
Version:
5.3.29
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.29:*:*:*:*:*:*:*
spring_framework
Version:
5.3.14
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.14:*:*:*:*:*:*:*
spring_framework
Version:
4.3.5
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.5:*:*:*:*:*:*:*
spring_framework
Version:
4.2.9
CPE:
cpe:2.3:a:vmware:spring_framework:4.2.9:*:*:*:*:*:*:*
spring_framework
Version:
5.2.3
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.3:*:*:*:*:*:*:*
spring_framework
Version:
3.2.4
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.4:*:*:*:*:*:*:*
spring_framework
Version:
5.2.19
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.19:*:*:*:*:*:*:*
spring_framework
Version:
5.1.20
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.20:*:*:*:*:*:*:*
spring_framework
Version:
5.1.14
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.14:*:*:*:*:*:*:*
spring_framework
Version:
3.2.17
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.17:*:*:*:*:*:*:*
spring_framework
Version:
5.3.27
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.27:*:*:*:*:*:*:*
spring_framework
Version:
5.3.13
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.13:*:*:*:*:*:*:*
spring_framework
Version:
5.3.24
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.24:*:*:*:*:*:*:*
spring_framework
Version:
5.2.0
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.0:-:*:*:*:*:*:*
spring_framework
Version:
5.2.20
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.20:*:*:*:*:*:*:*
spring_framework
Version:
5.0.3
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.3:*:*:*:*:*:*:*
spring_framework
Version:
5.3.17
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*
spring_framework
Version:
4.3.18
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.18:*:*:*:*:*:*:*
spring_framework
Version:
5.2.22
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.22:*:*:*:*:*:*:*
spring_framework
Version:
5.3.30
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.30:*:*:*:*:*:*:*
spring_framework
Version:
5.3.10
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.10:*:*:*:*:*:*:*
spring_framework
Version:
5.1.11
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.11:*:*:*:*:*:*:*
spring_framework
Version:
5.1.6
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.6:*:*:*:*:*:*:*
spring_framework
Version:
4.3.30
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.30:*:*:*:*:*:*:*
spring_framework
Version:
4.3.7
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.7:*:*:*:*:*:*:*
spring_framework
Version:
4.1.8
CPE:
cpe:2.3:a:vmware:spring_framework:4.1.8:*:*:*:*:*:*:*
spring_framework
Version:
3.2.15
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.15:*:*:*:*:*:*:*
spring_framework
Version:
5.1.15
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.15:*:*:*:*:*:*:*
spring_framework
Version:
3.2.12
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.12:*:*:*:*:*:*:*
spring_framework
Version:
5.0.12
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.12:*:*:*:*:*:*:*
spring_framework
Version:
5.0.13
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.13:*:*:*:*:*:*:*
spring_framework
Version:
5.3.0
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.0:milestone1:*:*:*:*:*:*
spring_framework
Version:
5.1.16
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.16:*:*:*:*:*:*:*
spring_framework
Version:
5.1.19
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.19:*:*:*:*:*:*:*
spring_framework
Version:
5.2.11
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.11:*:*:*:*:*:*:*
spring_framework
Version:
5.3.26
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.26:*:*:*:*:*:*:*
spring_framework
Version:
5.1.13
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.13:*:*:*:*:*:*:*
spring_framework
Version:
5.3.23
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*
spring_framework
Version:
3.0.6
CPE:
cpe:2.3:a:vmware:spring_framework:3.0.6:*:*:*:*:*:*:*
spring_framework
Version:
5.0.8
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.8:*:*:*:*:*:*:*
spring_framework
Version:
5.0.1
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.1:*:*:*:*:*:*:*
spring_framework
Version:
5.3.40
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.40:*:*:*:*:*:*:*
spring_framework
Version:
4.3.29
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.29:*:*:*:*:*:*:*
spring_framework
Version:
3.2.2
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.2:*:*:*:*:*:*:*
spring_framework
Version:
4.3.11
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.11:*:*:*:*:*:*:*
spring_framework
Version:
5.2.7
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.7:*:*:*:*:*:*:*
spring_framework
Version:
4.2.8
CPE:
cpe:2.3:a:vmware:spring_framework:4.2.8:*:*:*:*:*:*:*
spring_framework
Version:
5.3.7
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.7:*:*:*:*:*:*:*
spring_framework
Version:
3.2.1
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.1:*:*:*:*:*:*:*
spring_framework
Version:
5.3.21
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.21:*:*:*:*:*:*:*
spring_framework
Version:
5.2.6
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.6:*:*:*:*:*:*:*
spring_framework
Version:
4.0.9
CPE:
cpe:2.3:a:vmware:spring_framework:4.0.9:*:*:*:*:*:*:*
spring_framework
Version:
3.2.3
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.3:*:*:*:*:*:*:*
spring_framework
Version:
3.2.16
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.16:*:*:*:*:*:*:*
spring_framework
Version:
5.3.12
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.12:*:*:*:*:*:*:*
spring_framework
Version:
4.3.6
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.6:*:*:*:*:*:*:*
spring_framework
Version:
5.2.5
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.5:*:*:*:*:*:*:*
spring_framework
Version:
3.0.0
CPE:
cpe:2.3:a:vmware:spring_framework:3.0.0:-:*:*:*:*:*:*
spring_framework
Version:
4.3.3
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.3:*:*:*:*:*:*:*
spring_framework
Version:
5.2.1
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.1:*:*:*:*:*:*:*
spring_framework
Version:
5.0.6
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.6:*:*:*:*:*:*:*
spring_framework
Version:
3.1.1
CPE:
cpe:2.3:a:vmware:spring_framework:3.1.1:*:*:*:*:*:*:*
spring_framework
Version:
5.3.41
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.41:*:*:*:*:*:*:*
spring_framework
Version:
4.3.13
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.13:*:*:*:*:*:*:*
spring_framework
Version:
3.1.2
CPE:
cpe:2.3:a:vmware:spring_framework:3.1.2:*:*:*:*:*:*:*
spring_framework
Version:
4.0.3
CPE:
cpe:2.3:a:vmware:spring_framework:4.0.3:*:*:*:*:*:*:*
spring_framework
Version:
4.0.0
CPE:
cpe:2.3:a:vmware:spring_framework:4.0.0:-:*:*:*:*:*:*
spring_framework
Version:
4.2.7
CPE:
cpe:2.3:a:vmware:spring_framework:4.2.7:*:*:*:*:*:*:*
spring_framework
Version:
4.2.1
CPE:
cpe:2.3:a:vmware:spring_framework:4.2.1:*:*:*:*:*:*:*
spring_framework
Version:
5.3.11
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.11:*:*:*:*:*:*:*
spring_framework
Version:
5.3.36
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.36:*:*:*:*:*:*:*
spring_framework
Version:
5.0.18
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.18:*:*:*:*:*:*:*
spring_framework
Version:
5.1.12
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.12:*:*:*:*:*:*:*
spring_framework
Version:
5.2.8
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.8:*:*:*:*:*:*:*
spring_framework
Version:
5.2.4
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.4:*:*:*:*:*:*:*
spring_framework
Version:
5.1.4
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.4:*:*:*:*:*:*:*
spring_framework
Version:
5.0.0
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.0:-:*:*:*:*:*:*
spring_framework
Version:
4.3.24
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.24:*:*:*:*:*:*:*
spring_framework
Version:
4.3.27
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.27:*:*:*:*:*:*:*
spring_framework
Version:
3.0.4
CPE:
cpe:2.3:a:vmware:spring_framework:3.0.4:*:*:*:*:*:*:*
spring_framework
Version:
5.3.20
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.20:*:*:*:*:*:*:*
spring_framework
Version:
5.0.5
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.5:*:*:*:*:*:*:*
spring_framework
Version:
4.3.17
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.17:*:*:*:*:*:*:*
spring_framework
Version:
5.0.7
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.7:*:*:*:*:*:*:*
spring_framework
Version:
5.3.35
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.35:*:*:*:*:*:*:*
spring_framework
Version:
5.0.19
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.19:*:*:*:*:*:*:*
spring_framework
Version:
4.2.2
CPE:
cpe:2.3:a:vmware:spring_framework:4.2.2:*:*:*:*:*:*:*
spring_framework
Version:
3.2.5
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.5:*:*:*:*:*:*:*
spring_framework
Version:
5.1.0
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.0:-:*:*:*:*:*:*
spring_framework
Version:
4.3.15
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.15:*:*:*:*:*:*:*
spring_framework
Version:
5.1.2
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.2:*:*:*:*:*:*:*
spring_framework
Version:
5.2.18
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.18:*:*:*:*:*:*:*
spring_framework
Version:
4.3.10
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.10:*:*:*:*:*:*:*
spring_framework
Version:
5.2.12
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.12:*:*:*:*:*:*:*
spring_framework
Version:
4.3.9
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.9:*:*:*:*:*:*:*
spring_framework
Version:
4.3.14
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.14:*:*:*:*:*:*:*
spring_framework
Version:
5.0.20
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.20:*:*:*:*:*:*:*
spring_framework
Version:
5.3.6
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.6:*:*:*:*:*:*:*
spring_framework
Version:
4.1.7
CPE:
cpe:2.3:a:vmware:spring_framework:4.1.7:*:*:*:*:*:*:*
spring_framework
Version:
5.0.9
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.9:*:*:*:*:*:*:*
spring_framework
Version:
4.3.19
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.19:*:*:*:*:*:*:*
spring_framework
Version:
5.1.5
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.5:*:*:*:*:*:*:*
spring_framework
Version:
3.2.10
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.10:*:*:*:*:*:*:*
spring_framework
Version:
4.1.3
CPE:
cpe:2.3:a:vmware:spring_framework:4.1.3:*:*:*:*:*:*:*
spring_framework
Version:
5.0.15
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.15:*:*:*:*:*:*:*
spring_framework
Version:
5.0.4
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.4:*:*:*:*:*:*:*
spring_framework
Version:
3.2.6
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.6:*:*:*:*:*:*:*
spring_framework
Version:
5.3.25
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.25:*:*:*:*:*:*:*
spring_framework
Version:
5.1.8
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.8:*:*:*:*:*:*:*
spring_framework
Version:
4.3.8
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.8:*:*:*:*:*:*:*
spring_framework
Version:
5.2.15
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.15:*:*:*:*:*:*:*
spring_framework
Version:
4.2.3
CPE:
cpe:2.3:a:vmware:spring_framework:4.2.3:*:*:*:*:*:*:*
spring_framework
Version:
5.3.3
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.3:*:*:*:*:*:*:*
spring_framework
Version:
4.0.7
CPE:
cpe:2.3:a:vmware:spring_framework:4.0.7:*:*:*:*:*:*:*
spring_framework
Version:
5.3.2
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.2:*:*:*:*:*:*:*
spring_framework
Version:
5.1.3
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.3:*:*:*:*:*:*:*
spring_framework
Version:
5.1.1
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.1:*:*:*:*:*:*:*
spring_framework
Version:
5.2.10
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.10:*:*:*:*:*:*:*
spring_framework
Version:
3.2.14
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.14:*:*:*:*:*:*:*
spring_framework
Version:
3.0.5
CPE:
cpe:2.3:a:vmware:spring_framework:3.0.5:*:*:*:*:*:*:*
spring_framework
Version:
5.3.32
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.32:*:*:*:*:*:*:*
spring_framework
Version:
5.3.5
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.5:*:*:*:*:*:*:*
spring_framework
Version:
4.2.4
CPE:
cpe:2.3:a:vmware:spring_framework:4.2.4:*:*:*:*:*:*:*
spring_framework
Version:
5.1.18
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.18:*:*:*:*:*:*:*
spring_framework
Version:
5.2.24
CPE:
cpe:2.3:a:vmware:spring_framework:5.2.24:*:*:*:*:*:*:*
spring_framework
Version:
5.3.15
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.15:*:*:*:*:*:*:*
spring_framework
Version:
4.3.12
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.12:*:*:*:*:*:*:*
spring_framework
Version:
4.0.6
CPE:
cpe:2.3:a:vmware:spring_framework:4.0.6:*:*:*:*:*:*:*
spring_framework
Version:
3.1.4
CPE:
cpe:2.3:a:vmware:spring_framework:3.1.4:*:*:*:*:*:*:*
spring_framework
Version:
5.3.39
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*
spring_framework
Version:
4.0.4
CPE:
cpe:2.3:a:vmware:spring_framework:4.0.4:*:*:*:*:*:*:*
spring_framework
Version:
4.3.22
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.22:*:*:*:*:*:*:*
spring_framework
Version:
5.3.34
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.34:*:*:*:*:*:*:*
spring_framework
Version:
3.2.7
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.7:*:*:*:*:*:*:*
spring_framework
Version:
5.0.16
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.16:*:*:*:*:*:*:*
spring_framework
Version:
5.3.9
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.9:*:*:*:*:*:*:*
spring_framework
Version:
4.2.6
CPE:
cpe:2.3:a:vmware:spring_framework:4.2.6:*:*:*:*:*:*:*
spring_framework
Version:
5.3.16
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*
spring_framework
Version:
4.3.25
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.25:*:*:*:*:*:*:*
spring_framework
Version:
3.1.0
CPE:
cpe:2.3:a:vmware:spring_framework:3.1.0:-:*:*:*:*:*:*
spring_framework
Version:
3.0.7
CPE:
cpe:2.3:a:vmware:spring_framework:3.0.7:*:*:*:*:*:*:*
spring_framework
Version:
5.0.14
CPE:
cpe:2.3:a:vmware:spring_framework:5.0.14:*:*:*:*:*:*:*
spring_framework
Version:
4.1.5
CPE:
cpe:2.3:a:vmware:spring_framework:4.1.5:*:*:*:*:*:*:*
spring_framework
Version:
4.3.23
CPE:
cpe:2.3:a:vmware:spring_framework:4.3.23:*:*:*:*:*:*:*
spring_framework
Version:
3.0.1
CPE:
cpe:2.3:a:vmware:spring_framework:3.0.1:*:*:*:*:*:*:*
spring_framework
Version:
3.2.9
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.9:*:*:*:*:*:*:*
spring_framework
Version:
5.1.17
CPE:
cpe:2.3:a:vmware:spring_framework:5.1.17:*:*:*:*:*:*:*
spring_framework
Version:
3.2.18
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.18:*:*:*:*:*:*:*
spring_framework
Version:
3.2.8
CPE:
cpe:2.3:a:vmware:spring_framework:3.2.8:*:*:*:*:*:*:*
spring_framework
Version:
4.0.1
CPE:
cpe:2.3:a:vmware:spring_framework:4.0.1:*:*:*:*:*:*:*
spring_framework
Version:
5.3.22
CPE:
cpe:2.3:a:vmware:spring_framework:5.3.22:*:*:*:*:*:*:*
This vulnerability affects 203 software configuration(s). Ensure you patch all affected systems.
Oracle
CPUAPR2025
Oracle Critical Patch Update Advisory - April 2025
Severity
Critical
Released
Apr 15, 2025
Restart Required
Security Update
Oracle
CPUJAN2025
Oracle Critical Patch Update Advisory - January 2025
Severity
Critical
Released
Jan 21, 2025
Restart Required
Security Update
References & Resources
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027cve@mitre.org Issue Tracking Third Party Advisory
-
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626cve@mitre.org Issue Tracking Third Party Advisory
-
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417cve@mitre.org Issue Tracking Third Party Advisory
-
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525cve@mitre.org Issue Tracking Third Party Advisory
-
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.jsoncve@mitre.org Broken Link Exploit Third Party Advisory
-
https://security-tracker.debian.org/tracker/CVE-2016-1000027cve@mitre.org Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20230420-0009/cve@mitre.org
-
https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-nowcve@mitre.org Release Notes Third Party Advisory
-
https://www.tenable.com/security/research/tra-2016-20cve@mitre.org Exploit Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000027af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Third Party Advisory
-
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-579669626af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Third Party Advisory
-
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-582313417af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Third Party Advisory
-
https://github.com/spring-projects/spring-framework/issues/24434#issuecomment-744519525af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Third Party Advisory
-
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000027.jsonaf854a3a-2127-422b-91ae-364da2661108 Broken Link Exploit Third Party Advisory
-
https://security-tracker.debian.org/tracker/CVE-2016-1000027af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20230420-0009/af854a3a-2127-422b-91ae-364da2661108
-
https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-nowaf854a3a-2127-422b-91ae-364da2661108 Release Notes Third Party Advisory
-
https://www.tenable.com/security/research/tra-2016-20af854a3a-2127-422b-91ae-364da2661108 Exploit Third Party Advisory
Severity Details
9.8
out of 10.0
Critical
Weakness Type (CWE)
CWE-502
Top 25 #15
Deserialization of Untrusted Data
- Description
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
- Exploit Likelihood
- Medium
- Typical Severity
- Medium
- OWASP Top 10
- A08:2021-Software/Data Integrity Failures
- Abstraction Level
- Base
Key Information
- Published Date
- January 02, 2020
