CVE-2012-1833

🗓️ 28 Sep 2012 21:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 41 Views

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2012-1833	28 Sep 201221:00	–	cvelist
EUVD	EUVD-2012-1843	7 Oct 202500:30	–	euvd
NVD	CVE-2012-1833	28 Sep 201221:55	–	nvd
Prion	Design/Logic Flaw	28 Sep 201221:55	–	prion
Tenable Nessus	Oracle Solaris Third-Party Patch Update : grails (cve_2012_1833_permissions_privileges)	19 Jan 201500:00	–	nessus

NVD

Node

springsource grailsRange≤1.3.7

OR

springsource grailsMatch1.1.0

OR

springsource grailsMatch1.1.1

OR

springsource grailsMatch1.1.2

OR

springsource grailsMatch1.2.0

OR

springsource grailsMatch1.2.1

OR

springsource grailsMatch1.2.2

OR

springsource grailsMatch1.3.0

OR

springsource grailsMatch1.3.1

OR

springsource grailsMatch1.3.2

OR

springsource grailsMatch1.3.3

OR

springsource grailsMatch1.3.4

OR

springsource grailsMatch1.3.5

OR

springsource grailsMatch1.3.6

OR

springsource grailsMatch2.0

OR

springsource grailsMatch2.0.1

Source	Link
secunia	www.secunia.com/advisories/51113
securityfocus	www.securityfocus.com/bid/55763
support	www.support.springsource.com/security/cve-2012-1833

29 Apr 2026 01:13Current

7High risk

Vulners AI Score7

CVSS 25

EPSS0.00188

vmware springsource grails security vulnerability data binding access restriction bypass remote attack