Lucene search
K

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/04/10 9:27 a.m.42 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

10CVSS9.4AI score0.59501EPSS
Exploits2Affected Software1
vulnersOsv
vulnersOsv
added 2024/02/20 9:30 a.m.7 views

app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +1168 more potentially affected by CVE-2024-22234 via org.springframework.security:spring-security-core (>=6.2.0 <=6.2.1)

org.springframework.security:spring-security-core MAVEN version =6.2.0, =0.5.2, =0.5.0, =7.0.0, =1.0.2, =1.0.18, =1.0.2, =1.0.2, =1.0.11, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.0.0, =3.2.2.2 and more Source cves: CVE-2024-22234 Source advisory: OSV:GHSA-W3W6-26F2-P474...

7.4CVSS7.2AI score0.00682EPSS
Exploits0
Circl
Circl
added 2024/02/20 8:22 a.m.6 views

CVE-2024-22234

creationtimestamp| type| source ---|---|--- 2024-02-20 08:22:00+00:00| seen| https://t.me/ctinow/188210 2024-02-20 08:22:02+00:00| seen| https://t.me/ctinow/188213 2024-02-20 20:57:30+00:00| seen| https://t.me/ctinow/188908 2024-02-21 07:35:04+00:00| seen| https://t.me/arpsyndicate/3733 2024-02-2...

7.4CVSS7.1AI score0.00682EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/02/20 7:2 a.m.33 views

CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...

7.4CVSS6.7AI score0.00682EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/20 7:2 a.m.63 views

CVE-2024-22234 CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticatedAuthentication method. Specifically, an application is vulnerable if: The applicatio...

7.4CVSS7.5AI score0.00682EPSS
Exploits0References2
CVE
CVE
added 2024/02/20 7:2 a.m.170 views

CVE-2024-22234

CVE-2024-22234 (Spring Security) Affected: Spring Security 6.1.x prior to 6.1.7 and 6.2.x prior to 6.2.2.Vulnerability: Broken access control when an application directly calls AuthenticationTrustResolver.isFullyAuthenticated(Authentication) with a null parameter, which can erroneously return tru...

7.4CVSS7.4AI score0.00682EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder