vmware spring security 3.1.0 vulnerabilities and exploits

(subscribe to this query)

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

Vmware Spring Security 3.1.1 Vmware Spring Security 3.1.2 Vmware Spring Security 3.1.3 Vmware Spring Security 3.2.0 Vmware Spring Security 3.1.4 Vmware Spring Security 3.1.5 Vmware Spring Security 3.1.0 Vmware Spring Security 3.2.1

When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information f...

Vmware Spring Security 3.1.0 Vmware Spring Security 3.1.1 Vmware Spring Security 3.1.2 Vmware Spring Security 3.1.4 Vmware Spring Security 3.2.1 Vmware Spring Security 3.2.2 Vmware Spring Security 3.2.3 Vmware Spring Security 3.2.4 Vmware Spring Security 3.1.3 Vmware Spring Security 3.2.0

In spring cloud gateway versions before 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom ...

Vmware Spring Cloud Gateway 3.1.0 Oracle Commerce Guided Search 11.3.2 Oracle Communications Cloud Native Core Binding Support Function 22.1.3 Oracle Communications Cloud Native Core Network Repository Function 22.2.0 Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1 Oracle Communications Cloud Native Core Console 22.2.0 Oracle Communications Cloud Native Core Network Repository Function 22.1.2

1 Github repository

In spring cloud gateway versions before 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote ex...

Vmware Spring Cloud Gateway 3.1.0 Vmware Spring Cloud Gateway Oracle Commerce Guided Search 11.3.2 Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0 Oracle Communications Cloud Native Core Network Slice Selection Function 22.1.0 Oracle Communications Cloud Native Core Network Repository Function 1.15.0 Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0 Oracle Communications Cloud Native Core Network Exposure Function 22.1.0 Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0 Oracle Communications Cloud Native Core Network Repository Function 1.15.1 Oracle Communications Cloud Native Core Binding Support Function 1.11.0 Oracle Communications Cloud Native Core Binding Support Function 22.1.3 Oracle Communications Cloud Native Core Network Repository Function 22.2.0 Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1 Oracle Communications Cloud Native Core Console 22.2.0 Oracle Communications Cloud Native Core Network Repository Function 22.1.2

72 Github repositories2 Articles

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.

Pivotal Software Spring Security Vmware Spring Framework 5.0.5 Oracle Agile Plm 9.3.3 Oracle Agile Plm 9.3.4 Oracle Agile Plm 9.3.5 Oracle Agile Plm 9.3.6 Oracle Application Testing Suite 10.1 Oracle Application Testing Suite 12.5.0.3 Oracle Application Testing Suite 13.1.0.1 Oracle Application Testing Suite 13.2.0.1 Oracle Application Testing Suite 13.3.0.1 Oracle Big Data Discovery 1.6.0 Oracle Communications Converged Application Server Oracle Communications Diameter Signaling Router Oracle Communications Network Integrity Oracle Communications Performance Intelligence Center Oracle Communications Services Gatekeeper Oracle Endeca Information Discovery Integrator 3.1.0 Oracle Endeca Information Discovery Integrator 3.2.0 Oracle Enterprise Manager For Mysql Database 13.2 Oracle Enterprise Manager Ops Center 12.2.2 Oracle Enterprise Manager Ops Center 12.3.3

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook