Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pivotal software spring security vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2020-5408
Spring Security versions 5.3.x before 5.3.2, 5.2.x before 5.2.4, 5.1.x before 5.1.10, 5.0.x before 5.0.16 and 4.2.x before 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data t...
Pivotal Software Spring Security
Vmware Spring Security
1 Github repository
6.5
CVSSv2
CVE-2020-5407
Spring Security versions 5.2.x before 5.2.4 and 5.3.x before 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response a...
Pivotal Software Spring Security
7.5
CVSSv2
CVE-2018-1260
Spring Security OAuth, versions 2.3 before 2.3.3, 2.2 before 2.2.2, 2.1 before 2.1.2, 2.0 before 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint tha...
Pivotal Software Spring Security Oauth
6.8
CVSSv2
CVE-2018-15758
Spring Security OAuth, versions 2.3 before 2.3.4, and 2.2 before 2.2.3, and 2.1 before 2.1.3, and 2.0 before 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the app...
Pivotal Software Spring Security Oauth
7.5
CVSSv2
CVE-2019-3774
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
Pivotal Software Spring Batch
Pivotal Software Spring Batch 4.1.0
3.5
CVSSv2
CVE-2013-6430
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework prior to 3.2.2 does not properly escape certain characters, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a (1) line separator or...
Pivotal Software Spring Framework
5
CVSSv2
CVE-2014-3578
Directory traversal vulnerability in Pivotal Spring Framework 3.x prior to 3.2.9 and 4.0 prior to 4.0.5 allows remote malicious users to read arbitrary files via a crafted URL.
Pivotal Software Spring Framework
5.8
CVSSv2
CVE-2019-11269
Spring Security OAuth versions 2.3 before 2.3.6, 2.2 before 2.2.5, 2.1 before 2.1.5, and 2.0 before 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a reques...
Pivotal Software Spring Security Oauth
Oracle Banking Corporate Lending 14.1.0
Oracle Banking Corporate Lending 14.3.0
Oracle Banking Corporate Lending 14.4.0
1 EDB exploit
1 Github repository
6.4
CVSSv2
CVE-2019-3778
Spring Security OAuth, versions 2.3 before 2.3.5, and 2.2 before 2.2.4, and 2.1 before 2.1.4, and 2.0 before 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a requ...
Pivotal Software Spring Security Oauth
Oracle Banking Corporate Lending 14.1.0
Oracle Banking Corporate Lending 14.3.0
Oracle Banking Corporate Lending 14.4.0
1 EDB exploit
2 Github repositories
5
CVSSv2
CVE-2019-3797
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously craft...
Pivotal Software Spring Data Java Persistence Api
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
intel(r) me driver pack installer engines
avada | website builder for wordpress & woocommerce
CVE-2024-31858
intel(r) mlc software
rank math seo – ai seo tools to dominate seo rankings
template injection
CVE-2024-36280
CVE-2025-24016
information disclosure
CVE-2024-36274
CVE-2024-57605
injection
CVE-2025-24472
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »