In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.

The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the April 2021 CPU advisory.

  - Vulnerability in the Siebel Engineering - Installer and Deployment product of Oracle Siebel CRM     (component: Siebel Approval Manager (Spring Framework)). Supported versions that are affected are 21.1 and     prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to     compromise Siebel Engineering - Installer and Deployment. Successful attacks require human interaction     from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of     Siebel Engineering - Installer and Deployment. (CVE-2020-5398)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory.

  - A vulnerability Centralized Thirdparty Jars (jackson-databind) exists. An unauthenticated, remote attacker     can exploit this issue via the HTTP protocol to takeover the Oracle WebLogic Server. (CVE-2020-9546)

  - A vulnerability in the Core component exists. An unauthenticated, remote attacker can exploit this issue     via the IIOP and T3 protocols to takeover the Oracle WebLogic Server. (CVE-2020-14687)

  - A vulnerability in the Core component exists. An unauthenticated, remote attacker can exploit this issue     via the IIOP and T3 protocols to takeover the Oracle WebLogic Server. (CVE-2020-14645)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Also note that Oracle recommends applying ADR patches for the security issues documented here. Please see the applicable ADR Patch note for more information on the applicability of this patch.

According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 4.0.x prior to 4.0.13.5350 or 8.0.x prior to 8.0.21.1243. It is, therefore, affected by a reflected file download vulnerability. An unauthenticated, remote attacker could exploit this, by convincing a victim to click on a crafted link, to download arbitrary files to the victim machine and potentially take complete control of the host.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host contains a Spring Framework library version that is 5.0.x prior to 5.0.16 or 5.1.x prior to 5.1.13 or 5.2.x prior to 5.2.3. It is, therefore, affected by a reflected file download vulnerability. An attacker can exploit this tricking user to click on a URL for trusted domain. Upon clicking on the malicious link, the victim will be presented with a download which appears to have originated from a trusted domain. Once downloaded, the malicious payload can execute arbitrary code and potentially completely take-over a system.

ID	Name	Product	Family	Severity
212423	Oracle Siebel Server <= 21.1 (April 2021 CPU)	Nessus	Misc.	high
138592	Oracle WebLogic Server Multiple Vulnerabilities (Jul 2020 CPU)	Nessus	Misc.	critical
138569	MySQL Enterprise Monitor 4.0.x < 4.0.13.5350 / 8.0.x < 8.0.21.1243 (Jul 2020 CPU)	Nessus	CGI abuses	high
133148	Spring Framework 5.0.x < 5.0.16 / 5.1.x < 5.1.13 / 5.2.x < 5.2.3 Spring Framework Reflected File Download Vulnerability. (CVE-2020-5398)	Nessus	Misc.	high

Detections

Analytics

CVE-2020-5398

high

Tenable Plugins

high

critical

high

high