Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vmware spring security vulnerabilities and exploits
(subscribe to this query)
385
VMScore
CVE-2022-22976
Spring Security versions 5.5.x before 5.5.7, 5.6.x before 5.6.4, and previous versions unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer ov...
Vmware Spring Security
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Netapp Active Iq Unified Manager -
676
VMScore
CVE-2022-22978
In spring security versions before 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable...
Vmware Spring Security
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Netapp Active Iq Unified Manager -
28 Github repositories
801
VMScore
CVE-2021-22112
Spring Security 5.4.x before 5.4.4, 5.3.x before 5.3.8.RELEASE, 5.2.x before 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programm...
Vmware Spring Security
Pivotal Software Spring Security
Oracle Hospitality Cruise Shipboard Property Management System 20.1.0
Oracle Communications Interactive Session Recorder 6.3
Oracle Communications Interactive Session Recorder 6.4
Oracle Communications Unified Inventory Management 7.4.1
Oracle Insurance Policy Administration 11.3.0
Oracle Insurance Policy Administration 11.2.0
Oracle Communications Element Manager
Oracle Mysql Enterprise Monitor
1 Github repository
356
VMScore
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of inpu...
Vmware Spring Framework
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
1 Github repository
668
VMScore
CVE-2011-2730
VMware SpringSource Spring Framework prior to 2.5.6.SEC03, 2.5.7.SR023, and 3.x prior to 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote malicious users to obtain sensitive information via a (1) name attribute...
Springsource Spring Framework 2.5.0
Springsource Spring Framework 2.5.5
Springsource Spring Framework 2.5.6
Springsource Spring Framework 3.0.4
Springsource Spring Framework
Springsource Spring Framework 2.5.3
Springsource Spring Framework 2.5.4
Springsource Spring Framework 3.0.2
Springsource Spring Framework 3.0.3
Springsource Spring Framework 2.5.1
Springsource Spring Framework 2.5.2
Springsource Spring Framework 3.0.0
Springsource Spring Framework 3.0.1
Springsource Spring Framework 2.5.7
445
VMScore
CVE-2022-22968
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first char...
Vmware Spring Framework
Netapp Snap Creator Framework -
Netapp Snapmanager -
Netapp Active Iq Unified Manager -
Netapp Metrocluster Tiebreaker -
Netapp Cloud Secure Agent -
Oracle Mysql Enterprise Monitor
1 Github repository
357
VMScore
CVE-2022-22971
In spring framework versions before 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
Vmware Spring Framework
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Netapp Oncommand Insight -
Netapp Cloud Secure Agent -
187
VMScore
CVE-2022-22946
In spring cloud gateway versions before 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom ...
Vmware Spring Cloud Gateway 3.1.0
Oracle Commerce Guided Search 11.3.2
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
Oracle Communications Cloud Native Core Network Repository Function 22.2.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1
Oracle Communications Cloud Native Core Console 22.2.0
Oracle Communications Cloud Native Core Network Repository Function 22.1.2
1 Github repository
314
VMScore
CVE-2022-22970
In spring framework versions before 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
Vmware Spring Framework
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Netapp Brocade San Navigator -
Netapp Cloud Secure Agent -
NA
CVE-2023-22602
When using Apache Shiro prior to 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot <...
Apache Shiro
Vmware Spring Boot 2.6.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »