Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware spring security 3.2.0 vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2014-0097
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
Vmware Spring Security 3.1.4
Vmware Spring Security 3.1.0
Vmware Spring Security 3.1.5
Vmware Spring Security 3.1.3
Vmware Spring Security 3.1.1
Vmware Spring Security 3.1.2
Vmware Spring Security 3.2.1
Vmware Spring Security 3.2.0
9.8
CVSSv3
CVE-2014-3527
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information f...
Vmware Spring Security 3.1.4
Vmware Spring Security 3.1.0
Vmware Spring Security 3.1.3
Vmware Spring Security 3.1.1
Vmware Spring Security 3.1.2
Vmware Spring Security 3.2.1
Vmware Spring Security 3.2.3
Vmware Spring Security 3.2.0
Vmware Spring Security 3.2.4
Vmware Spring Security 3.2.2
7.5
CVSSv3
CVE-2016-9879
An issue exists in Pivotal Spring Security prior to 3.2.10, 4.1.x prior to 4.1.4, and 4.2.x prior to 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an at...
Vmware Spring Security 4.2.0
Vmware Spring Security 4.1.1
Vmware Spring Security 4.1.0
Vmware Spring Security 4.1.2
Vmware Spring Security 3.2.7
Vmware Spring Security 3.2.8
Vmware Spring Security 4.1.3
Vmware Spring Security 3.2.9
Vmware Spring Security 3.2.6
Vmware Spring Security 3.2.1
Vmware Spring Security 3.2.3
Vmware Spring Security 3.2.0
Vmware Spring Security 3.2.5
Vmware Spring Security 3.2.4
Vmware Spring Security 3.2.2
Ibm Websphere Application Server 8.5.5.6
Ibm Websphere Application Server 8.5.0.2
Ibm Websphere Application Server 8.5.5.8
Ibm Websphere Application Server 8.5.5.1
Ibm Websphere Application Server 8.5.5.0
Ibm Websphere Application Server 8.5.5.5
Ibm Websphere Application Server 8.5.5.9
8.8
CVSSv3
CVE-2018-1258
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
Pivotal Software Spring Security
Vmware Spring Framework 5.0.5
Oracle Weblogic Server 12.2.1.2
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Weblogic Server 12.1.3.0
Oracle Weblogic Server 10.3.6.0
Oracle Enterprise Repository 12.1.3.0.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Application Testing Suite 12.5.0.3
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Weblogic Server 12.2.1.3
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Endeca Information Discovery Integrator 3.1.0
Oracle Application Testing Suite 13.1.0.1
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Communications Diameter Signaling Router
Oracle Communications Performance Intelligence Center
7.5
CVSSv3
CVE-2018-15756
Spring Framework, version 5.1, versions 5.0.x before 5.0.10, versions 4.3.x before 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annota...
Vmware Spring Framework
Vmware Spring Framework 5.1.0
Oracle Flexcube Private Banking 12.1.0
Oracle Insurance Policy Administration J2ee 10.2.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Weblogic Server 12.1.3.0.0
Oracle Retail Invoice Matching 13.0
Oracle Flexcube Private Banking 12.0.1
Oracle Primavera Gateway 16.2
Oracle Primavera Gateway 15.2
Oracle Retail Invoice Matching 12.0
Oracle Flexcube Private Banking 12.0.3
Oracle Insurance Rules Palette 10.2.0
Oracle Retail Service Backbone 15.0
Oracle Retail Integration Bus 15.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Communications Unified Inventory Management 7.3
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Webcenter Sites 12.2.1.3.0
Oracle Endeca Information Discovery Integrator 3.2.0
Oracle Insurance Rules Palette 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started