Vulnerability of VMware Spring Framework: privilege escalation via RFD Protection Bypass

Synthesis of the vulnerability

An attacker can bypass restrictions via RFD Protection Bypass of VMware Spring Framework, in order to escalate his privileges.

Vulnerable software: Spring Framework.

Severity of this announce: 2/4.

Creation date: 17/09/2020.

Références of this computer vulnerability: CVE-2020-5421, VIGILANCE-VUL-33361.

Description of the vulnerability

An attacker can bypass restrictions via RFD Protection Bypass of VMware Spring Framework, in order to escalate his privileges.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This threat note impacts software or systems such as Spring Framework.

Our Vigil@nce team determined that the severity of this cybersecurity note is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this vulnerability note.

Solutions for this threat

VMware Spring Framework: version 5.2.9.
The version 5.2.9 is fixed:
https://tanzu.vmware.com/spring-app-framework

VMware Spring Framework: version 5.1.18.
The version 5.1.18 is fixed:
https://tanzu.vmware.com/spring-app-framework

VMware Spring Framework: version 5.0.19.
The version 5.0.19 is fixed:
https://tanzu.vmware.com/spring-app-framework

VMware Spring Framework: version 4.3.29.
The version 4.3.29 is fixed:
https://tanzu.vmware.com/spring-app-framework

Spring Boot: version 2.3.4.
The version 2.3.4 is fixed:
https://spring.io/projects/spring-boot

Spring Boot: version 2.2.10.
The version 2.2.10 is fixed:
https://spring.io/projects/spring-boot

Spring Boot: version 2.1.17.
The version 2.1.17 is fixed:
https://spring.io/projects/spring-boot
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a system vulnerability watch. The Vigil@nce vulnerability database contains several thousand vulnerabilities.