Vulnerability identifier: #VU18426

Vulnerability risk: Medium

CVSSv3.1: 6.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C]

CVE-ID: CVE-2019-3799

CWE-ID: CWE-22

Exploitation vector: Network

Exploits in database: 3

• June 17, 2021
  • Spring Cloud Config 2.1.x - Path Traversal (Metasploit) [Exploit-DB]
• September 1, 2020
  • defvul (Weblogic CVE-2020-14645 coherence 反序列化漏洞验证程序) [Github]
• March 18, 2020
  • Spring Cloud Config Server Directory Traversal [Metasploit]

Impact: Information disclosure and data manipulation

Vulnerable software:
Spring Cloud Config
Server applications / Application servers

Vendor: Pivotal