Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware spring security vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-34034
Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.
Vmware Spring Security
1 Github repository
NA
CVE-2023-34035
Spring Security versions 5.8 before 5.8.5, 6.0 before 6.0.5, and 6.1 before 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (Dispatcher...
Vmware Spring Security
4 Github repositories
445
VMScore
CVE-2016-9878
An issue exists in Pivotal Spring Framework prior to 3.2.18, 4.2.x prior to 4.2.9, and 4.3.x prior to 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
Vmware Spring Framework 4.3.1
Pivotal Software Spring Framework 4.3.0
Vmware Spring Framework 4.2.8
Vmware Spring Framework 4.2.1
Pivotal Software Spring Framework 4.2.0
Vmware Spring Framework 3.2.11
Vmware Spring Framework 3.2.10
Vmware Spring Framework 3.2.2
Vmware Spring Framework 3.2.1
Vmware Spring Framework 4.2.7
Vmware Spring Framework 4.2.6
Vmware Spring Framework 3.2.17
Vmware Spring Framework 3.2.16
Vmware Spring Framework 3.2.9
Vmware Spring Framework 3.2.8
Pivotal Software Spring Framework
Vmware Spring Framework 4.3.4
Vmware Spring Framework 4.2.5
Vmware Spring Framework 4.2.4
Vmware Spring Framework 3.2.15
Vmware Spring Framework 3.2.14
Vmware Spring Framework 3.2.7
445
VMScore
CVE-2019-3795
Spring Security versions 4.2.x before 4.2.12, 5.0.x before 5.0.12, and 5.1.x before 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a se...
Vmware Spring Security
Debian Debian Linux 8.0
668
VMScore
CVE-2019-11272
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, ...
Vmware Spring Security
Debian Debian Linux 8.0
NA
CVE-2023-20862
In Spring Security, versions 5.7.x before 5.7.8, versions 5.8.x before 5.8.3, and versions 6.0.x before 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security conte...
Vmware Spring Security
Netapp Active Iq Unified Manager -
1 Github repository
NA
CVE-2022-31690
Spring Security, versions 5.7 before 5.7.5, and 5.6 before 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via the browser) to the Authorizati...
Vmware Spring Security
Netapp Active Iq Unified Manager -
1 Github repository
NA
CVE-2022-31692
Spring Security, versions 5.7 before 5.7.5 and 5.6 before 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security ...
Vmware Spring Security
Netapp Active Iq Unified Manager -
5 Github repositories
446
VMScore
CVE-2021-22119
Spring Security versions 5.5.x before 5.5.1, 5.4.x before 5.4.7, 5.3.x before 5.3.10 and 5.2.x before 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or...
Vmware Spring Security
Oracle Communications Cloud Native Core Policy 1.14.0
NA
CVE-2024-22233
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC...
Vmware Spring Framework 6.1.2
Vmware Spring Framework 6.0.15
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »