Is CVE-2020-5408 actively exploited?

CVE-2020-5408 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2020-5408?

CVE-2020-5408 has a CVSS score of 6.5 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

How do I patch CVE-2020-5408?

Patch guidance is available from pivotal software security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-5408.

CVE-2020-5408 - remediation guidance & executive summary

Q: Which products are affected by CVE-2020-5408?

5 products: pivotal software spring security, pivotal software spring security, vmware spring security, vmware spring security, vmware spring security.

Description

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-329 CWE-330

Metadata

Primary Vendor: PIVOTAL_SOFTWARE
Published: 5/14/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

pivotal_software : spring_securitypivotal_software : spring_securityvmware : spring_securityvmware : spring_securityvmware : spring_security

Remediation Guidance

Executive Summary

View on NIST NVD