Vulmon
vmware spring security vulnerabilities and exploits
7.5
CVSSv2
CVE-2014-3527
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. This is due to the fact that the proxy ticket authentication uses the information f...
Vmware Spring Security 3.1.0
Vmware Spring Security 3.1.1
Vmware Spring Security 3.1.2
Vmware Spring Security 3.1.3
Vmware Spring Security 3.1.4
Vmware Spring Security 3.2.0
Vmware Spring Security 3.2.1
Vmware Spring Security 3.2.2
Vmware Spring Security 3.2.3
Vmware Spring Security 3.2.4
7.5
CVSSv2
CVE-2014-0097
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
Vmware Spring Security 3.1.0
Vmware Spring Security 3.1.1
Vmware Spring Security 3.1.2
Vmware Spring Security 3.1.3
Vmware Spring Security 3.1.4
Vmware Spring Security 3.1.5
Vmware Spring Security 3.2.0
Vmware Spring Security 3.2.1
5
CVSSv2
CVE-2012-5055
DaoAuthenticationProvider in VMware SpringSource Spring Security prior to 2.0.8, 3.0.x prior to 3.0.8, and 3.1.x prior to 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote malicious users to enumerate valid u...
Vmware Springsource Spring Security
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.1
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.3
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 2.0.5
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 3.0.2
Vmware Springsource Spring Security 3.0.3
Vmware Springsource Spring Security 3.0.4
5.1
CVSSv2
CVE-2011-2731
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security prior to 2.0.7 and 3.0.x prior to 3.0.6 stores the Authentication object in the shared security context, which allows malicious users to gain privileges via a crafted thread.
Vmware Springsource Spring Security
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.1
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.3
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 2.0.5
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 3.0.2
Vmware Springsource Spring Security 3.0.3
Vmware Springsource Spring Security 3.0.4
4.3
CVSSv2
CVE-2011-2732
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security prior to 2.0.7 and 3.0.x prior to 3.0.6 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect para...
Vmware Springsource Spring Security
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.1
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.3
Vmware Springsource Spring Security 2.0.4
Vmware Springsource Spring Security 2.0.5
Vmware Springsource Spring Security 3.0.0
Vmware Springsource Spring Security 3.0.1
Vmware Springsource Spring Security 3.0.2
Vmware Springsource Spring Security 3.0.3
Vmware Springsource Spring Security 3.0.4
1 EDB exploit
6.8
CVSSv2
CVE-2017-4995
An issue exists in Pivotal Spring Security 4.2.0.RELEASE up to and including 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vu...
Vmware Spring Security 4.2.0
Vmware Spring Security 4.2.1
Vmware Spring Security 4.2.2
Vmware Spring Security 5.0.0
5.5
CVSSv3
CVE-2023-34042
The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission A...
Vmware Spring Security
Vmware Spring Security 5.7.9
Vmware Spring Security 5.7.10
5
CVSSv2
CVE-2016-9879
An issue exists in Pivotal Spring Security prior to 3.2.10, 4.1.x prior to 4.1.4, and 4.2.x prior to 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an at...
Vmware Spring Security 3.2.0
Vmware Spring Security 3.2.1
Vmware Spring Security 3.2.2
Vmware Spring Security 3.2.3
Vmware Spring Security 3.2.4
Vmware Spring Security 3.2.5
Vmware Spring Security 3.2.6
Vmware Spring Security 3.2.7
Vmware Spring Security 3.2.8
Vmware Spring Security 3.2.9
Vmware Spring Security 4.1.0
Vmware Spring Security 4.1.1
5
CVSSv2
CVE-2010-3700
VMware SpringSource Spring Security 2.x prior to 2.0.6 and 3.x prior to 3.0.4, and Acegi Security 1.0.0 up to and including 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote malicious users to bypass security constraints via a path parameter.
Acegisecurity Acegi-security 1.0.0
Acegisecurity Acegi-security 1.0.1
Acegisecurity Acegi-security 1.0.2
Acegisecurity Acegi-security 1.0.3
Acegisecurity Acegi-security 1.0.4
Acegisecurity Acegi-security 1.0.5
Acegisecurity Acegi-security 1.0.6
Acegisecurity Acegi-security 1.0.7
Vmware Springsource Spring Security 2.0.0
Vmware Springsource Spring Security 2.0.1
Vmware Springsource Spring Security 2.0.2
Vmware Springsource Spring Security 2.0.3
6.8
CVSSv2
CVE-2011-2894
Spring Framework 3.0.0 up to and including 3.0.5, Spring Security 3.0.0 up to and including 3.0.5 and 2.0.0 up to and including 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote malicious users to bypass intended security restricti...
Vmware Spring Framework
Vmware Spring Security
2 Github repositories