Lucene search
K

39 matches found

OSV
OSV
added 2026/06/23 9:44 a.m.18 views

ROOT-APP-MAVEN-CVE-2024-22243 CVE-2024-22243 in io.root.org.springframework:spring-web - Patched by Root

Root has patched CVE-2024-22243 in the io.root.org.springframework:spring-web package for Root:Maven. Multiple fixed versions available...

8.1CVSS6.2AI score0.03967EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 9:5 a.m.11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2024-22243 DESCRIPTION: Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on t...

8.1CVSS6.6AI score0.03967EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/03 11:4 p.m.60 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.

Summary IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities. Vulnerability Details CVEID:CVE-2024-32879 DESCRIPTION: Python Social Auth Django could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of case...

8.2CVSS9.2AI score0.8496EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/26 8:24 a.m.59 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-22259, CVE-2024-22243, CVE-2024-22262).

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-22259, CVE-2024-22243, CVE-2024-22262. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...

8.1CVSS8.2AI score0.03967EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/07/25 12:0 a.m.72 views

Spring Framework < 5.3.32 / 6.0.x < 6.0.17 / 6.1.x < 6.1.4 Open Redirect (CVE-2024-22243)

The remote host contains a Spring Framework version is affected by an open redirect vulnerability. Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open...

8.1CVSS6.4AI score0.03967EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/07/25 12:0 a.m.132 views

Spring Framework < 5.3.33 / 6.0.x < 6.0.18 / 6.1.x < 6.1.5 Open Redirect (CVE-2024-22259)

The remote host contains a Spring Framework version is affected by an open redirect vulnerability. Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open...

8.1CVSS6.4AI score0.02573EPSS
Exploits1References2
Atlassian
Atlassian
added 2024/07/11 7:10 a.m.52 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.1CVSS8AI score0.03967EPSS
Exploits1
Atlassian
Atlassian
added 2024/07/11 7:10 a.m.49 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Crowd Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 5.1.0, 5.2.0, and 5.3.0 of Crowd Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/28 4:18 p.m.27 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243)

Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework CVE-2024-22243 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

8.1CVSS7.8AI score0.03967EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.39 views

Atlassian Confluence 1.0.1 < 7.19.24 / 7.20.x < 8.5.11 / 8.6.x < 8.9.3 (CONFSERVER-95973)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95973 advisory. - Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the...

8.1CVSS6.4AI score0.03967EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.37 views

Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95943)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95943 advisory. - Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL e.g. through a query parameter AND perform...

8.1CVSS6.4AI score0.03967EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/06/27 12:0 a.m.35 views

Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95942)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95942 advisory. - Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the...

8.1CVSS6.4AI score0.03967EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/21 3:14 p.m.43 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243)

Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework CVE-2024-22243 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

8.1CVSS7.8AI score0.03967EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2024/06/20 8:14 a.m.47 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bamboo Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

6.6AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/11 9:50 a.m.43 views

Security Bulletin: Spring vulnerability in embedded components may affect IBM Business Automation Workflow - CVE-2024-22243

Summary IBM Business Automation Workflow is vulnerable to a open redirect attack. Vulnerability Details CVEID:CVE-2024-22243 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability when using UriComponentsBuild...

8.1CVSS7.9AI score0.03967EPSS
Exploits1Affected Software2
Atlassian
Atlassian
added 2024/06/07 4:11 a.m.56 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...

8.1CVSS7.9AI score0.03967EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/05 8:40 p.m.35 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in spring-web-5.3.15.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of spring-web-5.3.15.jar Vulnerability Details CVEID:CVE-2024-22243 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability...

8.1CVSS7.8AI score0.03967EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2024/05/23 10:45 p.m.97 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.13.0 release and security update

Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...

9.3CVSS6.6AI score0.8581EPSS
Exploits9References16
Atlassian
Atlassian
added 2024/05/10 10:10 a.m.67 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bitbucket Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server...

7.8AI score
Exploits0
Hacker One
Hacker One
added 2024/05/07 3:11 p.m.117 views

curl: Incorrect Type Conversion in interpreting IPv4-mapped IPv6 addresses and below `curl` results in indeterminate SSRF vulnerabilities.

Vulnerability description not provided...

8.1CVSS6.6AI score0.20459EPSS
Exploits4
Rows per page
Query Builder