Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-wrw4-3bnd-q7hj
Vulnerability ID VCID-wrw4-3bnd-q7hj
Aliases CVE-2017-4971
GHSA-fg9w-cffm-pmh2
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1188 Initialization of a Resource with an Insecure Default
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 5.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-4971.json
epss 0.75359 https://api.first.org/data/v1/epss?cve=CVE-2017-4971
epss 0.75359 https://api.first.org/data/v1/epss?cve=CVE-2017-4971
epss 0.75359 https://api.first.org/data/v1/epss?cve=CVE-2017-4971
epss 0.75359 https://api.first.org/data/v1/epss?cve=CVE-2017-4971
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fg9w-cffm-pmh2
cvssv3.1 5.9 https://jira.spring.io/browse/SWF-1700
generic_textual MODERATE https://jira.spring.io/browse/SWF-1700
cvssv3.1 5.9 https://nvd.nist.gov/vuln/detail/CVE-2017-4971
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2017-4971
cvssv3.1 5.9 https://pivotal.io/security/cve-2017-4971
generic_textual MODERATE https://pivotal.io/security/cve-2017-4971
cvssv3.1 5.9 http://www.securityfocus.com/bid/98785
generic_textual MODERATE http://www.securityfocus.com/bid/98785
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-4971.json
https://api.first.org/data/v1/epss?cve=CVE-2017-4971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4971
https://github.com/spring-projects/spring-webflow/commit/57f2ccb66946943fbf3b3f2165eac1c8eb6b1523
https://github.com/spring-projects/spring-webflow/commit/ec3d54d2305e6b6bce12f770fec67fe63008d45
https://jira.spring.io/browse/SWF-1700
https://nvd.nist.gov/vuln/detail/CVE-2017-4971
https://pivotal.io/security/cve-2017-4971
http://www.securityfocus.com/bid/98785
1457686 https://bugzilla.redhat.com/show_bug.cgi?id=1457686
GHSA-fg9w-cffm-pmh2 https://github.com/advisories/GHSA-fg9w-cffm-pmh2
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-4971.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://jira.spring.io/browse/SWF-1700
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-4971
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://pivotal.io/security/cve-2017-4971
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.securityfocus.com/bid/98785
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.98907
EPSS Score 0.75359
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:20:04.211340+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.6.0