// For flags

CVE-2016-1000027

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.

Pivotal Spring Framework hasta la versión 5.3.16 sufre un potencial problema de ejecución remota de código (RCE) si se utiliza para la deserialización en Java de datos no confiables. Dependiendo de cómo se implemente la librería dentro de un producto, este problema puede ocurrir o no, y puede ser necesaria la autenticación. NOTA: la posición del proveedor es que los datos no confiables no son un caso de uso previsto. El comportamiento del producto no se modificará porque algunos usuarios dependen de la deserialización de datos de confianza

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-07-18 CVE Reserved
  • 2020-01-02 CVE Published
  • 2023-07-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
Spring Framework
Search vendor "Vmware" for product "Spring Framework"
< 6.0.0
Search vendor "Vmware" for product "Spring Framework" and version " < 6.0.0"
-
Affected