VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Windows

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

VMware Spring Framework < 5.3.39 Spring Expression DoS Vulnerability - Linux

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

VMware Spring Framework < 5.3.38, 6.0.x < 6.0.23, 6.1.x < 6.1.12 DoS Vulnerability - Linux

The VMware Spring Framework is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data

Summary VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct...

PT-2024-7271 · Spring +1 · Spring Framework +1

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 5.3.0 through 5.3.38 Spring Framework older unsupported versions Description: The issue is related to the Spring Expression Language SpEL in Spring Framework. It is possible for a user to provide a specially crafted...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22262]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability in UriComponentsBuilder CVE-2024-22262. VMware Tanzu Spring Framework is used in our Speech Microservices. This...

Spring Tips: Spring Security method security with special guest Rob Winch

Hi, Spring fans! In this installment I have special guest Spring Security lead Rob Winch give us a master class in how the method security support works and some of its new features. Come for the security, stay for the incredible opportunity to look over a senior engineer's shoulders as he explai...

Security Bulletin: IBM Common Licensing's Administration And Reporting Tool (ART) and IBM LKS Administration Agent are affected by Spring Framework vulnerabilities.

Summary Multiple vulnerabilites in Spring Framework affect IBM Common Licensing. Security Vulnerablities have been addressed in IBM Common Licensing. Remediations/Fixes section address remediation actions. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is...

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-22259, CVE-2024-22243, CVE-2024-22262).

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-22259, CVE-2024-22243, CVE-2024-22262. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...

Spring Framework < 5.3.33 / 6.0.x < 6.0.18 / 6.1.x < 6.1.5 Open Redirect (CVE-2024-22259)

The remote host contains a Spring Framework version is affected by an open redirect vulnerability. Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open...

Spring Framework < 5.3.32 / 6.0.x < 6.0.17 / 6.1.x < 6.1.4 Open Redirect (CVE-2024-22243)

The remote host contains a Spring Framework version is affected by an open redirect vulnerability. Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open...

This Week in Spring - July 23rd, 2024

Hi, Spring fans! It's such an exciting time to be alive! I hope you're doing well. It's nearly the end of July, already! Time is flying and as always the community has not disappointed with their incredible content. Let's dive right into it! have you registered for SpringOne 2024 yet? I love this...

Oracle Primavera Unifier (Jul 2024 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering component: Integration Apache James MIME4J. Supported versio...

Oracle MySQL Enterprise Monitor (Jul 2024 CPU)

The versions of MySQL Enterprise Monitor installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor component Spring Security. A remote unauthenticated attacker could gain unauthorized access t...

This Week in Spring - July 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the middle of July! I can't believe it! Things have been just rushing by! did you see this awesome talk on observability by Tommy Ludwig and Jonatan Ivanov from Spring IO 2024? What is a ReadWriteLock? Spring for GraphQL...

Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to open redirect vulnerability in VMware Tanzu Spring Framework ( CVE-2024-22243)

Summary Potential open redirect vulnerability in VMware Tanzu Spring Framework CVE-2024-22243 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM Process Mining CVE-2024-22262

Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow a remote attacker to conduct phishing attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

Atlassian Confluence 1.0.1 < 7.19.23 / 7.20.x < 8.5.9 / 8.6.x < 8.9.1 (CONFSERVER-95943)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-95943 advisory. - Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL e.g. through a query parameter AND perform...

This Week in Spring - June 25th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in Par...