Remote Code Execution Vulnerability in Pivotal Spring Framework
CVE-2016-1000027
Key Information:
- Vendor
- Vmware
- Status
- Vendor
- CVE Published:
- 2 January 2020
Badges
Summary
A potential remote code execution (RCE) vulnerability exists in the Pivotal Spring Framework, stemming from unsafe Java deserialization of untrusted data. Although the vendor maintains that handling untrusted data is not within the intended scope of the framework's use, the risk level depends on the specific implementation in various products. Depending on the implementation, this vulnerability could be exploited if authentication measures are not adequate.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
49% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved