CVE-2020-5408

Published: 14/05/2020 Updated: 14/06/2021
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Spring Security versions 5.3.x before 5.3.2, 5.2.x before 5.2.4, 5.1.x before 5.1.10, 5.0.x before 5.0.16 and 4.2.x before 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Vulnerable Product

vmware spring security

pivotal software spring security

Github Repositories

WTax Build Support

Various bits and bobs used in building projects that don't warrant having their own project

This repository is public so that the files in it can be linked to easily using public URLs, e.g. this file's URL is raw.githubusercontent.com/wtaxco/wtax-build-support/main/README.md

OWASP Dependency Check

Directory: owasp-dependency-check

Various

TODO

- better logging: Change logs to be async and send to a queue
- extract JWT_TOKEN to an external property
- better error handling for JWT
- Implement CRUD for user/login
- remove duplicate code from all *.gradle files (repositories, plugins, )
- Implement /api/v3/transactions/report /api/v3/transaction/list /api/v3/transaction
- Implement DAO layer
- UT, FT, IT

Demo

This demo ha