Lucene search
K

16 matches found

OSV
OSV
added 2026/06/29 6:18 a.m.14 views

ROOT-APP-MAVEN-CVE-2022-31692 CVE-2022-31692 in io.root.org.springframework.security:spring-security-core - Patched by Root

Root has patched CVE-2022-31692 in the io.root.org.springframework.security:spring-security-core package for Root:Maven. Multiple fixed versions available...

9.8CVSS5.8AI score0.03425EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-31692

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types...

9.8CVSS6.8AI score0.03425EPSS
Exploits3References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/30 4:48 p.m.44 views

Security Bulletin: IBM Common Licensing's Administration And Reporting Tool (ART) and IBM LKS Administration Agent are affected by Spring Framework vulnerabilities.

Summary Multiple vulnerabilites in Spring Framework affect IBM Common Licensing. Security Vulnerablities have been addressed in IBM Common Licensing. Remediations/Fixes section address remediation actions. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is...

9.8CVSS7.4AI score0.03425EPSS
Exploits4Affected Software1
GithubExploit
GithubExploit
added 2023/10/29 5:31 p.m.270 views

Exploit for Authorization Bypass Through User-Controlled Key in Vmware Spring_Security

CVE-2022-31692 A demonstration of a Spring Secu...

9.8CVSS9.3AI score0.03425EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/24 8:36 p.m.45 views

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2022-31692 and CVE-2023-20862 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2022-31692 and CVE-2023-20862. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions,...

9.8CVSS7.6AI score0.03425EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 8:20 p.m.35 views

Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2022-31692 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite VMware Tanzu Spring Security is vulnerable to CVE-2022-31692 Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include...

9.8CVSS9.3AI score0.03425EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/05 2:47 p.m.31 views

Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining . CVE-2022-31692

Summary There is a vulnerability in Spring Security that could allow a remote attacker to bypass security restrictions. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION...

9.8CVSS9.2AI score0.03425EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2023/04/12 12:2 p.m.142 views

Critical: Red Hat Security Advisory: OpenShift Container Platform 4.10.56 security update

Red Hat OpenShift Container Platform release 4.10.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a...

9.8CVSS7AI score0.99931EPSS
Exploits45References11
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/13 4:46 p.m.104 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable to security bypass due to Spring Security (CVE-2022-31692, CVE-2022-22978)

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in Spring Security Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include...

9.8CVSS9.4AI score0.10037EPSS
Exploits9Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/02/07 12:0 a.m.127 views

Spring Security 5.6.x < 5.6.9 / 5.7.x < 5.7.5 Authorization Bypass

The remote host contains a Spring Security version that is 5.7.x prior to 5.7.5 or 5.6.x prior to 5.6.9. It may, therefore, be affected by an authorization bypass vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

9.8CVSS6.9AI score0.03425EPSS
Exploits3References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/10 10:53 a.m.42 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to security bypass due to Spring Security (CVE-2022-31692)

Summary IBM Sterling Partner Engagement Manager has addressed a vulnerablity in Spring Security. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by a flaw when using forward or include...

9.8CVSS9.2AI score0.03425EPSS
Exploits3Affected Software1
GithubExploit
GithubExploit
added 2022/11/03 8:35 a.m.674 views

Exploit for Authorization Bypass Through User-Controlled Key in Vmware Spring_Security

CVE-2022-31692 Demo Overview A simple Spring Boot applicat...

9.8CVSS9.5AI score0.03425EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2022/11/01 12:0 p.m.10 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (>=j11.2.6.0 <=j11.2.6.1) +1921 more potentially affected by CVE-2022-31692 via org.springframework.security:spring-security-core (>=5.6.0 <=5.6.8)

org.springframework.security:spring-security-core MAVEN version =5.6.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =1.3.1.RELEASE, =0.2.0, =0.8.3, =2.1.0.M8, =1.0.0, =2.7.0.Beta3, =2.7.0.Beta4, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.Beta3, =2.7.0.RC1 and more Source cves: CVE-2022-31692 Source advisory:...

9.8CVSS6.7AI score0.03425EPSS
Exploits3
UbuntuCve
UbuntuCve
added 2022/10/31 8:15 p.m.38 views

CVE-2022-31692

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application expects that Spring Security applies...

9.8CVSS6.8AI score0.03425EPSS
Exploits3References2
Spring Security Advisories
Spring Security Advisories
added 2022/10/31 4:41 p.m.188 views

CVE-2022-31692: Authorization rules can be bypassed via forward or include in Spring Security

Spring Security 5.6.9 and 5.7.5 released on October 31st, 2022 included a fix for CVE-2022-31692 affecting the AuthorizationFilter. Users are encouraged to update as soon as possible...

4.5AI score0.03425EPSS
Exploits3
CVE
CVE
added 2022/10/31 12:0 a.m.214 views

CVE-2022-31692

CVE-2022-31692 affects Spring Security prior to 5.7.5 (and 5.6 prior to 5.6.9). The issue allows authorization bypass when an application configures the FilterChainProxy to apply security to forward/include dispatcher types and uses AuthorizationFilter via manual wiring or authorizeHttpRequests()...

9.8CVSS9.2AI score0.03425EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder