CVE-2018-1258

🗓️ 11 May 2018 20:00:00Reported by dellType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 241 Views

Spring Framework 5.0.5 authorization bypass in method securit

Reporter	Title	Published	Views	Family All 35
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)	24 Aug 202010:03	–	ibm
CNVD	Pivotal Spring Security and Spring Framework Elevation of Privilege Vulnerability	15 May 201800:00	–	cnvd
Cvelist	CVE-2018-1258	11 May 201820:00	–	cvelist
EUVD	EUVD-2018-0586	7 Oct 202500:30	–	euvd
F5 Networks	K18193959: Spring Framework vulnerability CVE-2018-1258	21 Feb 202318:46	–	f5
Github Security Blog	Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass	17 Oct 201820:05	–	github
myhack58	Oracle WebLogic Server high-risk security vulnerability alerts-a vulnerability alert-the black bar safety net	18 Apr 201900:00	–	myhack58
Tenable Nessus	MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)	24 Jul 202000:00	–	nessus
Tenable Nessus	Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)	18 Apr 201900:00	–	nessus
Tenable Nessus	Oracle Enterprise Manager Cloud Control (Jul 2019 CPU)	17 Jul 201900:00	–	nessus

NVD

Vulners

Node

pivotal_software spring_security

AND

vmware spring_frameworkMatch5.0.5

Node

oracle agile_plmMatch9.3.3

oracle agile_plmMatch9.3.4

oracle agile_plmMatch9.3.5

oracle agile_plmMatch9.3.6

oracle application_testing_suiteMatch10.1

oracle application_testing_suiteMatch12.5.0.3

oracle application_testing_suiteMatch13.1.0.1

oracle application_testing_suiteMatch13.2.0.1

oracle application_testing_suiteMatch13.3.0.1

oracle big_data_discoveryMatch1.6.0

oracle communications_converged_application_serverRange<7.0.0.1

oracle communications_diameter_signaling_routerRange<8.3

oracle communications_network_integrityRange7.3.2–7.3.6

oracle communications_performance_intelligence_centerRange<10.2.1

oracle communications_services_gatekeeperRange<6.1.0.4.0

oracle endeca_information_discovery_integratorMatch3.1.0

oracle endeca_information_discovery_integratorMatch3.2.0

oracle enterprise_manager_for_mysql_databaseMatch13.2

oracle enterprise_manager_ops_centerMatch12.2.2

oracle enterprise_manager_ops_centerMatch12.3.3

oracle enterprise_repositoryMatch11.1.1.7.0

oracle enterprise_repositoryMatch12.1.3.0.0

oracle goldengate_for_big_dataMatch12.2.0.1

oracle goldengate_for_big_dataMatch12.3.1.1

oracle goldengate_for_big_dataMatch12.3.2.1

oracle health_sciences_information_managerMatch3.0

oracle healthcare_master_person_indexMatch3.0

oracle healthcare_master_person_indexMatch4.0

oracle hospitality_guest_accessMatch4.2.0

oracle hospitality_guest_accessMatch4.2.1

oracle insurance_calculation_engineMatch10.1.1

oracle insurance_calculation_engineMatch10.2

oracle insurance_calculation_engineMatch10.2.1

oracle insurance_policy_administrationMatch10.0

oracle insurance_policy_administrationMatch10.1

oracle insurance_policy_administrationMatch10.2

oracle insurance_policy_administrationMatch11.0

oracle insurance_rules_paletteMatch10.0

oracle insurance_rules_paletteMatch10.1

oracle insurance_rules_paletteMatch10.2

oracle insurance_rules_paletteMatch11.0

oracle insurance_rules_paletteMatch11.1

oracle micros_lucasMatch2.9.5

oracle mysql_enterprise_monitorRange≤8.0.2.8191

oracle peoplesoft_enterprise_fin_installMatch9.2

oracle retail_assortment_planningMatch14.1

oracle retail_assortment_planningMatch15.0

oracle retail_assortment_planningMatch16.0

oracle retail_back_officeMatch14.0

oracle retail_back_officeMatch14.1

oracle retail_central_officeMatch14.0

oracle retail_central_officeMatch14.1

oracle retail_customer_insightsMatch15.0

oracle retail_customer_insightsMatch16.0

oracle retail_financial_integrationMatch13.2

oracle retail_financial_integrationMatch14.0

oracle retail_financial_integrationMatch14.1

oracle retail_financial_integrationMatch15.0

oracle retail_financial_integrationMatch16.0

oracle retail_integration_busMatch14.1.2

oracle retail_point-of-serviceMatch14.0

oracle retail_point-of-serviceMatch14.1

oracle retail_returns_managementMatch14.0

oracle retail_returns_managementMatch14.1

oracle retail_xstore_point_of_serviceMatch17.0

oracle service_architecture_leveraging_tuxedoMatch12.1.3.0.0

oracle service_architecture_leveraging_tuxedoMatch12.2.2.0.0

oracle tape_library_acslsMatch8.4

oracle weblogic_serverMatch10.3.6.0

oracle weblogic_serverMatch12.1.3.0

oracle weblogic_serverMatch12.2.1.2

oracle weblogic_serverMatch12.2.1.3

Node

netapp oncommand_insightMatch-

netapp oncommand_unified_managerRange7.3≥windows

netapp oncommand_unified_managerRange9.4≥vsphere

netapp oncommand_workflow_automationMatch-

netapp snapcenterMatch-

netapp storage_automation_storeMatch-

Node

redhat fuseMatch7.3.0

[
  {
    "product": "Spring Framework",
    "vendor": "Pivotal",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.5"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
oracle	www.oracle.com/security-alerts/cpujan2021.html
securitytracker	www.securitytracker.com/id/1041888
securitytracker	www.securitytracker.com/id/1041896
oracle	www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
securityfocus	www.securityfocus.com/bid/104222
oracle	www.oracle.com/security-alerts/cpujan2020.html
oracle	www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
oracle	www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
access	www.access.redhat.com/errata/RHSA-2019:2413

21 Nov 2024 03:59Current

9High risk

Vulners AI Score9

CVSS 26.5

CVSS 3.18.8

EPSS0.00265

CWE-863