6877 matches found
Vulnerabilities fixed in IBM DB2
IBM has fixed vulnerabilities in several DB2 products such as DB2, DB2 for Cloud Pak and Web Query for i. A malicious party could exploit the vulnerabilities to grant himself locally elevated privileges and thus execute arbitrary code with potentially privilege...
Confluence 8.7.1 is using a vulnerable library - spring-web-5.3.30
Issue Summary: CVE - CVE-2016-1000027; Advisory URL - https://nvd.nist.gov/vuln/detail/CVE-2016-1000027. Steps to Reproduce: Build confluence to find the vulnerable artifact. Expected Results: Vulnerable library is fixed. Actual Results: Vulnerable library found at -...
This Week in Spring - January 2nd, 2024
Hi, Spring fans! Happy New Year! As we step into 2024, full of hope and enthusiasm, welcome to the first installment of This Week in Spring. It's a time for new beginnings and resolutions, and what better way to start than by exploring the ever-evolving world of Spring? I hope your new year...
Exploit for Deserialization of Untrusted Data in Apache Activemq
Active MQ CVE-2023-46604 exploit This repository is a guide w...
Vulnerability fixed in NetApp Active IQ Unified Manager
NetApp has fixed a vulnerability in the Spring Web Services component of Active IQ Unified Manager for Windows, Linux, and VMware vSphere. The vulnerability allows a malicious party to gain access to sensitive data, potentially to manipulate it, or to cause a denial-of-service. NetApp has release...
A Bootiful Podcast: Trifork CTO Joris Kuipers
Hi, Spring fans! In this installment, Josh Long talks to longtime Spring community legend and Trifork CTO Joris Kuipers. Happy new year!...
This Year in Spring - 2023
Welcome to another installment of This Week in Spring! It's December 26th, 2023, and we're staring down the new year! And you know what that means, right? It's time for our annual roundup, looking at all the latest and greatest in the wild and wonderful world of Springdom. This is This Year in...
Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway
GUI version of the open source tool SpringBoot-Scan; if it is useful to you, please give it a Star, haha. Note: this tool has exploits for the relevant vulnerabilities built in, so antivirus alerts are normal! New version tool usage: python3 main.py. VulHub vulnerability test environment setup: git clone https://github.com/vulhub/vulhub.git. Install the Docker environment: sudo apt-get install docker.io; sudo apt install docker-compose. Set up CVE-2022-22965: cd /vulhub/CVE-2022-22965 sudo...
Design/Logic Flaw
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...
CVE-2023-51650 Unauthorized access vulnerability on three interfaces
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...
The vulnerability of the Spring Boot web application framework, related to improper resource cleanup or release, allows attackers to trigger service failures.
The vulnerability of the Spring Boot web application framework lies in improper resource cleanup or release mechanisms. Exploiting this vulnerability allows an attacker to trigger a service failure through a specially crafted HTTP request...
Hertzbeat Security Vulnerabilities
Hertzbeat is an open source real-time monitoring system from the dromara organization. A security vulnerability exists in Hertzbeat versions prior to 1.4.1 that stems from a misconfiguration of Spring Boot permissions, resulting in unauthorized access vulnerabilities in three interfaces...
PT-2023-31868 · Hertzbeat · Hertzbeat
Name of the Vulnerable Software and Affected Versions: Hertzbeat versions prior to 1.4.1 Description: Hertzbeat is an open source, real-time monitoring system. Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces, potentially resulting in the...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-39975, CVE-2023-34042)
Summary: IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details: CVEID: CVE-2023-39975. DESCRIPTION: MIT Kerberos 5 aka krb5 is vulnerable to a denial of service, caused by a double free in KDC TGS processing. By sending a specially crafted request, a remote authenticated attacke...
This Week in Spring - December 19th, 2023
Hi, Spring fans! Welcome to another oh-so-festive edition of This Week in Spring! The Spring Authorization Server 1.2.1, 1.1.14, and 0.4.5 are now available. Spring AMQP 3.1.1 is now available. Spring Security 5.8.9, 6.1.6, 6.2.1 are now available. Spring for Apache Kafka 3.1.1 is now available...
Security Bulletin: Vulnerability in Spring Security affects IBM Process Mining CVE-2023-34042
Summary: There is a vulnerability in Spring Security that could allow a local authenticated attacker to bypass security restrictions on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
org.apache.dubbo:dubbo-spring-boot-actuator (=3.1.5), org.apache.dubbo:dubbo-spring-boot-actuator-compatible (=3.1.5) +5 more potentially affected by CVE-2023-46279 via org.apache.dubbo:dubbo (=3.1.5)
org.apache.dubbo:dubbo MAVEN version =3.1.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.dubbo:dubbo and may be impacted: - org.apache.dubbo:dubbo-spring-boot-actuator =3.1.5 - org.apache.dubbo:dubbo-spring-boot-actuator-compatible =3.1.5...
cc.ecore:spring-jfinal (=0.0.1), cc.ecore:spring-jfinal-plugin (>=0.1.0 <=0.1.2) +164 more potentially affected by CVE-2023-50101 via com.jfinal:jfinal (>=1.4 <=5.0.0)
com.jfinal:jfinal MAVEN version =1.4, =0.1.0, =0.1.1, =1.0.2, =1.0.0, =1.0, =3.30.7-RELEASE, =0.0.8, =0.0.8, =0.0.8, =1.29.1.trial, =1.29.1.trial, =1.45.0 - cn.dreampie:jfinal-akka =0.1 and more Source cves: CVE-2023-50101 Source advisory: OSV:GHSA-M3P6-43XJ-PF9V...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.4 release and security update
Red Hat Integration Camel for Spring Boot 3.20.4 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...