Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware spring security vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2014-3527
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information f...
Vmware Spring Security 3.1.0
Vmware Spring Security 3.1.1
Vmware Spring Security 3.1.2
Vmware Spring Security 3.1.4
Vmware Spring Security 3.2.1
Vmware Spring Security 3.2.2
Vmware Spring Security 3.2.3
Vmware Spring Security 3.2.4
Vmware Spring Security 3.1.3
Vmware Spring Security 3.2.0
668
VMScore
CVE-2014-0097
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
Vmware Spring Security 3.1.1
Vmware Spring Security 3.1.2
Vmware Spring Security 3.1.3
Vmware Spring Security 3.2.0
Vmware Spring Security 3.1.4
Vmware Spring Security 3.1.5
Vmware Spring Security 3.1.0
Vmware Spring Security 3.2.1
445
VMScore
CVE-2012-5055
DaoAuthenticationProvider in VMware SpringSource Spring Security prior to 2.0.8, 3.0.x prior to 3.0.8, and 3.1.x prior to 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote malicious users to enumerate valid u...
Vmware Springsource Spring Security 2.0.1
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.3
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.5
Vmware Springsource Spring Security
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 3.0.2
Vmware Springsource Spring Security 3.0.3
Vmware Springsource Spring Security 3.0.4
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 3.0.5
Vmware Springsource Spring Security 3.1.2
Vmware Springsource Spring Security 3.1.1
454
VMScore
CVE-2011-2731
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security prior to 2.0.7 and 3.0.x prior to 3.0.6 stores the Authentication object in the shared security context, which allows malicious users to gain privileges via a crafted thread.
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 2.0.5
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.3
Vmware Springsource Spring Security
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.1
Vmware Springsource Spring Security 3.0.3
Vmware Springsource Spring Security 3.0.4
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 3.0.2
435
VMScore
CVE-2011-2732
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security prior to 2.0.7 and 3.0.x prior to 3.0.6 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect para...
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 3.0.2
Vmware Springsource Spring Security 3.0.3
Vmware Springsource Spring Security 3.0.4
Vmware Springsource Spring Security
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.1
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.3
Vmware Springsource Spring Security 2.0.5
1 EDB exploit
605
VMScore
CVE-2017-4995
An issue exists in Pivotal Spring Security 4.2.0.RELEASE up to and including 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vu...
Vmware Spring Security 4.2.1
Vmware Spring Security 4.2.2
Vmware Spring Security 5.0.0
Vmware Spring Security 4.2.0
NA
CVE-2023-34042
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission A...
Vmware Spring Security
Vmware Spring Security 5.7.9
Vmware Spring Security 5.7.10
445
VMScore
CVE-2016-9879
An issue exists in Pivotal Spring Security prior to 3.2.10, 4.1.x prior to 4.1.4, and 4.2.x prior to 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an at...
Vmware Spring Security 4.1.3
Vmware Spring Security 4.1.2
Vmware Spring Security 3.2.5
Vmware Spring Security 3.2.4
Vmware Spring Security 4.1.1
Vmware Spring Security 4.1.0
Vmware Spring Security 3.2.3
Vmware Spring Security 3.2.2
Vmware Spring Security 3.2.7
Vmware Spring Security 3.2.6
Vmware Spring Security 4.2.0
Vmware Spring Security 3.2.9
Vmware Spring Security 3.2.8
Vmware Spring Security 3.2.1
Vmware Spring Security 3.2.0
Ibm Websphere Application Server 8.5.5.6
Ibm Websphere Application Server 8.5.5.5
Ibm Websphere Application Server 8.5.5.4
Ibm Websphere Application Server 8.5.5.3
Ibm Websphere Application Server 8.5.5.2
Ibm Websphere Application Server 8.5.5.9
Ibm Websphere Application Server 8.5.5.1
606
VMScore
CVE-2011-2894
Spring Framework 3.0.0 up to and including 3.0.5, Spring Security 3.0.0 up to and including 3.0.5 and 2.0.0 up to and including 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote malicious users to bypass intended security restricti...
Vmware Spring Security
Vmware Spring Framework
3 Github repositories
357
VMScore
CVE-2020-5408
Spring Security versions 5.3.x before 5.3.2, 5.2.x before 5.2.4, 5.1.x before 5.1.10, 5.0.x before 5.0.16 and 4.2.x before 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data t...
Vmware Spring Security
Pivotal Software Spring Security
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »