In spring cloud gateway versions before 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware spring cloud gateway 3.1.0 |
||
oracle commerce guided search 11.3.2 |
||
oracle communications cloud native core binding support function 22.1.3 |
||
oracle communications cloud native core network repository function 22.2.0 |
||
oracle communications cloud native core security edge protection proxy 22.1.1 |
||
oracle communications cloud native core console 22.2.0 |
||
oracle communications cloud native core network repository function 22.1.2 |