8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.6%
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CPE | Name | Operator | Version |
---|---|---|---|
org.springframework:spring-core | eq | 5.0.5.RELEASE |
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
access.redhat.com/errata/RHSA-2019:2413
github.com/advisories/GHSA-cxrj-66c5-9fmh
github.com/spring-projects/spring-framework
github.com/spring-projects/spring-framework/commit/7b8fa90d96aaf751a3256fa755d5f17e081c20f1
nvd.nist.gov/vuln/detail/CVE-2018-1258
pivotal.io/security/cve-2018-1258
security.netapp.com/advisory/ntap-20181018-0002
web.archive.org/web/20200227032934/www.securityfocus.com/bid/104222
web.archive.org/web/20200807025819/www.securitytracker.com/id/1041888
web.archive.org/web/20200807033751/www.securitytracker.com/id/1041896
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/security-alerts/cpuoct2021.html
www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.6%