vmware spring security vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-34047
A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registe...
Vmware Spring For Graphql
4.3
CVSSv3
CVE-2021-22060
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of inpu...
Vmware Spring Framework
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
1 Github repository
4.3
CVSSv3
CVE-2021-22096
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Vmware Spring Framework
Netapp Snap Creator Framework -
Netapp Snapcenter -
Netapp Active Iq Unified Manager -
Netapp Management Services For Element Software And Netapp Hci -
Netapp Metrocluster Tiebreaker -
Oracle Communications Cloud Native Core Console 1.9.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
2 Github repositories
NA
CVE-2011-2732
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security prior to 2.0.7 and 3.0.x prior to 3.0.6 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect para...
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 3.0.2
Vmware Springsource Spring Security 3.0.3
Vmware Springsource Spring Security 3.0.4
Vmware Springsource Spring Security
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.1
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.3
Vmware Springsource Spring Security 2.0.5
1 EDB exploit
NA
CVE-2011-2730
VMware SpringSource Spring Framework prior to 2.5.6.SEC03, 2.5.7.SR023, and 3.x prior to 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote malicious users to obtain sensitive information via a (1) name attribute...
Springsource Spring Framework 2.5.0
Springsource Spring Framework 2.5.5
Springsource Spring Framework 2.5.6
Springsource Spring Framework 3.0.4
Springsource Spring Framework
Springsource Spring Framework 2.5.3
Springsource Spring Framework 2.5.4
Springsource Spring Framework 3.0.2
Springsource Spring Framework 3.0.3
Springsource Spring Framework 2.5.1
Springsource Spring Framework 2.5.2
Springsource Spring Framework 3.0.0
Springsource Spring Framework 3.0.1
Springsource Spring Framework 2.5.7
NA
CVE-2011-2731
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security prior to 2.0.7 and 3.0.x prior to 3.0.6 stores the Authentication object in the shared security context, which allows malicious users to gain privileges via a crafted thread.
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 2.0.5
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.3
Vmware Springsource Spring Security
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.1
Vmware Springsource Spring Security 3.0.3
Vmware Springsource Spring Security 3.0.4
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 3.0.2
NA
CVE-2012-5055
DaoAuthenticationProvider in VMware SpringSource Spring Security prior to 2.0.8, 3.0.x prior to 3.0.8, and 3.1.x prior to 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote malicious users to enumerate valid u...
Vmware Springsource Spring Security 2.0.1
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.3
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.5
Vmware Springsource Spring Security
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 3.0.2
Vmware Springsource Spring Security 3.0.3
Vmware Springsource Spring Security 3.0.4
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 3.0.5
Vmware Springsource Spring Security 3.1.2
Vmware Springsource Spring Security 3.1.1
NA
CVE-2011-2894
Spring Framework 3.0.0 up to and including 3.0.5, Spring Security 3.0.0 up to and including 3.0.5 and 2.0.0 up to and including 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote malicious users to bypass intended security restricti...
Vmware Spring Security
Vmware Spring Framework
3 Github repositories
NA
CVE-2010-3700
VMware SpringSource Spring Security 2.x prior to 2.0.6 and 3.x prior to 3.0.4, and Acegi Security 1.0.0 up to and including 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote malicious users to bypass security constraints via a path parameter.
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 2.0.3
Acegisecurity Acegi-security 1.0.4
Acegisecurity Acegi-security 1.0.5
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.5
Acegisecurity Acegi-security 1.0.2
Acegisecurity Acegi-security 1.0.3
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.1
Acegisecurity Acegi-security 1.0.6
Acegisecurity Acegi-security 1.0.7
Vmware Springsource Spring Security 3.0.2
Vmware Springsource Spring Security 3.0.3
Acegisecurity Acegi-security 1.0.0
Acegisecurity Acegi-security 1.0.1
Ibm Websphere Application Server 7.0
Ibm Websphere Application Server 6.1