Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
CVE-2020-5427

5.7MEDIUM

Key Information:

Vendor: Spring By Vmware
Status: Spring Cloud Data Flow
Vendor: CVE Published:; 27 January 2021

🔔 Create Spring By Vmware Vulnerability Alert

What is CVE-2020-5427?

In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution.

Affected Version(s)

Spring Cloud Data Flow 2.6 < 2.6.5

Spring Cloud Data Flow 2.5 < 2.5.4

References

https://tanzu.vmware.com/security/cve-2020-5427

x_refsource_CONFIRM

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2021
Vulnerability Reserved
Jan 3, 2020