6 matches found
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +1168 more potentially affected by CVE-2024-22234 via org.springframework.security:spring-security-core (>=6.2.0 <=6.2.1)
org.springframework.security:spring-security-core MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.2, =1.0.18, =1.0.2, =1.0.2, =1.0.11, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.2.2 and more Source cves: CVE-2024-22234 Source advisory: OSV:GHSA-W3W6-26F2-P474...
CVE-2024-22234
creationtimestamp| type| source ---|---|--- 2024-02-20 08:22:00+00:00| seen| https://t.me/ctinow/188210 2024-02-20 08:22:02+00:00| seen| https://t.me/ctinow/188213 2024-02-20 20:57:30+00:00| seen| https://t.me/ctinow/188908 2024-02-21 07:35:04+00:00| seen| https://t.me/arpsyndicate/3733 2024-02-2...
CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...
CVE-2024-22234
CVE-2024-22234 (Spring Security) Affected: Spring Security 6.1.x prior to 6.1.7 and 6.2.x prior to 6.2.2.Vulnerability: Broken access control when an application directly calls AuthenticationTrustResolver.isFullyAuthenticated(Authentication) with a null parameter, which can erroneously return tru...