vulnerability

Progress MOVEit Automation: CVE-2020-5398: Spring Framework Reflected File Download Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:H/Au:N/C:C/I:C/A:C)	Apr 19, 2021	Dec 13, 2024	Nov 12, 2025

Severity

CVSS

(AV:N/AC:H/Au:N/C:C/I:C/A:C)

Published

Apr 19, 2021

Added

Dec 13, 2024

Modified

Nov 12, 2025

Description

The remote host contains a Spring Framework library version that is 5.0.x prior to 5.0.16 or 5.1.x prior to 5.1.13 or 5.2.x prior to 5.2.3. It is, therefore, affected by a reflected file download vulnerability.

Solution

progress-moveit-automation-upgrade-latest

References

CWE-79
CWE-494
CVE-2020-5398
https://attackerkb.com/topics/CVE-2020-5398
URL-https://community.progress.com/s/article/ka74Q000000g1xIQAQ

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today