Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware spring security vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-5408
Spring Security versions 5.3.x before 5.3.2, 5.2.x before 5.2.4, 5.1.x before 5.1.10, 5.0.x before 5.0.16 and 4.2.x before 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data t...
Pivotal Software Spring Security
Vmware Spring Security
2 Github repositories
NA
CVE-2023-34035
Spring Security versions 5.8 before 5.8.5, 6.0 before 6.0.5, and 6.1 before 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (Dispatcher...
Vmware Spring Security
4 Github repositories
NA
CVE-2023-34034
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
Vmware Spring Security
2 Github repositories
5
CVSSv2
CVE-2016-9878
An issue exists in Pivotal Spring Framework prior to 3.2.18, 4.2.x prior to 4.2.9, and 4.3.x prior to 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Pivotal Software Spring Framework 4.2.0
Pivotal Software Spring Framework 4.3.0
Pivotal Software Spring Framework
Vmware Spring Framework 3.2.2
Vmware Spring Framework 3.2.1
Vmware Spring Framework 3.2.8
Vmware Spring Framework 3.2.7
Vmware Spring Framework 3.2.10
Vmware Spring Framework 3.2.9
Vmware Spring Framework 3.2.4
Vmware Spring Framework 3.2.3
Vmware Spring Framework 3.2.6
Vmware Spring Framework 3.2.5
Vmware Spring Framework 3.2.12
Vmware Spring Framework 3.2.11
Vmware Spring Framework 3.2.13
Vmware Spring Framework 3.2.15
Vmware Spring Framework 3.2.17
Vmware Spring Framework 3.2.16
Vmware Spring Framework 3.2.14
Vmware Spring Framework 4.3.3
Vmware Spring Framework 4.2.1
5
CVSSv2
CVE-2019-3795
Spring Security versions 4.2.x before 4.2.12, 5.0.x before 5.0.12, and 5.1.x before 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a se...
Vmware Spring Security
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2019-11272
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, ...
Vmware Spring Security
Debian Debian Linux 8.0
NA
CVE-2023-20862
In Spring Security, versions 5.7.x before 5.7.8, versions 5.8.x before 5.8.3, and versions 6.0.x before 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security conte...
Vmware Spring Security
Netapp Active Iq Unified Manager -
1 Github repository
NA
CVE-2022-31690
Spring Security, versions 5.7 before 5.7.5, and 5.6 before 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorizati...
Vmware Spring Security
Netapp Active Iq Unified Manager -
1 Github repository
NA
CVE-2022-31692
Spring Security, versions 5.7 before 5.7.5 and 5.6 before 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security ...
Vmware Spring Security
Netapp Active Iq Unified Manager -
5 Github repositories
4.3
CVSSv2
CVE-2022-22976
Spring Security versions 5.5.x before 5.5.7, 5.6.x before 5.6.4, and previous versions unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer ov...
Vmware Spring Security
Vmware Spring Security 5.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Netapp Active Iq Unified Manager -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »