Spring Framework version 5.0.5, when used in combination with any version of Spring Security, contains an authorization bypass when using method security. An unauthorized malicious user can gain access to methods that should be restricted.
Vulnerable Product |
---|
pivotal software spring security |
vmware spring framework 5.0.5 |
oracle weblogic server 12.2.1.2 |
oracle enterprise manager ops center 12.2.2 |
oracle weblogic server 12.1.3.0 |
oracle weblogic server 10.3.6.0 |
oracle enterprise repository 12.1.3.0.0 |
oracle enterprise repository 11.1.1.7.0 |
oracle application testing suite 12.5.0.3 |
oracle retail back office 14.1 |
oracle retail back office 14.0 |
oracle hospitality guest access 4.2.0 |
oracle hospitality guest access 4.2.1 |
oracle enterprise manager ops center 12.3.3 |
oracle weblogic server 12.2.1.3 |
oracle endeca information discovery integrator 3.2.0 |
oracle endeca information discovery integrator 3.1.0 |
oracle application testing suite 13.1.0.1 |
oracle application testing suite 13.2.0.1 |
oracle application testing suite 13.3.0.1 |
oracle communications diameter signaling router |
oracle communications performance intelligence center |
oracle insurance rules palette 10.0 |
oracle insurance rules palette 10.2 |
oracle communications services gatekeeper |
oracle health sciences information manager 3.0 |
oracle healthcare master person index 3.0 |
oracle healthcare master person index 4.0 |
oracle insurance calculation engine 10.2 |
oracle retail customer insights 15.0 |
oracle retail customer insights 16.0 |
oracle tape library acsls 8.4 |
oracle communications converged application server |
oracle service architecture leveraging tuxedo 12.1.3.0.0 |
oracle service architecture leveraging tuxedo 12.2.2.0.0 |
oracle insurance calculation engine 10.2.1 |
oracle insurance calculation engine 10.1.1 |
oracle insurance rules palette 10.1 |
oracle insurance rules palette 11.0 |
oracle insurance rules palette 11.1 |
oracle big data discovery 1.6.0 |
oracle goldengate for big data 12.2.0.1 |
oracle goldengate for big data 12.3.1.1 |
oracle goldengate for big data 12.3.2.1 |
oracle enterprise manager for mysql database 13.2 |
oracle retail integration bus 14.1.2 |
oracle retail returns management 14.0 |
oracle retail returns management 14.1 |
oracle retail central office 14.0 |
oracle retail central office 14.1 |
oracle retail assortment planning 15.0 |
oracle retail point-of-service 14.1 |
oracle retail point-of-service 14.0 |
oracle peoplesoft enterprise fin install 9.2 |
oracle insurance policy administration 10.0 |
oracle insurance policy administration 10.1 |
oracle insurance policy administration 10.2 |
oracle insurance policy administration 11.0 |
oracle agile plm 9.3.3 |
oracle agile plm 9.3.4 |
oracle agile plm 9.3.5 |
oracle agile plm 9.3.6 |
oracle retail assortment planning 14.1 |
oracle retail assortment planning 16.0 |
oracle retail financial integration 13.2 |
oracle retail financial integration 14.0 |
oracle retail financial integration 14.1 |
oracle retail financial integration 15.0 |
oracle retail financial integration 16.0 |
oracle micros lucas 2.9.5 |
oracle mysql enterprise monitor |
oracle application testing suite 10.1 |
oracle retail xstore point of service 17.0 |
oracle communications network integrity |
netapp snapcenter - |
netapp storage automation store - |
netapp oncommand unified manager |
netapp oncommand workflow automation - |
netapp oncommand insight - |
redhat fuse 7.3.0 |