Lucene search
PivotalCVELIST:CVE-2020-5408HistoryMay 13, 2020 - 12:00 a.m.
CVE-2020-5408 Dictionary attack with Spring Security queryable text encryptor
2020-05-1300:00:00
CWE-329
pivotal
raw.githubusercontent.com
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
Related
osv
osv
Insufficient Entropy in Spring Security
2020-06-15 19:34:31
CVE-2020-5408
2020-05-14 18:15:12
github
github
Insufficient Entropy in Spring Security
2020-06-15 19:34:31
cve
cve
CVE-2020-5408
2020-05-14 18:15:00
ubuntucve
ubuntucve
CVE-2020-5408
2020-05-14 00:00:00
veracode
veracode
Information Disclosure
2020-05-15 01:01:34
prion
prion
Null pointer dereference
2020-05-14 18:15:00
nessus
nessus
Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Jan 2021 CPU)
2021-01-28 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00